On Sat, 10 Sep 2016, Tomasz Pala wrote: > On Sat, Sep 10, 2016 at 11:41:46 +0300, Elan Ruusamäe wrote: > > >>> Since we got the answer for this issue - th-admin, please publish > >>> separate GPG files. > >> Are we announcing PLD being dead? Current DSA+RSA GPG key is unusable > >> for rpm, the one from FTP is being packaged, so it's also unusable. > >> Nobody cares? > > > > and you really expecting th-admin picking up a task middle of huge > > thread? you should had asked it from th-ad...@pld-linux.org (or at least > > cc:). > > Indeed, forgot to do so. > > > i don't bother understanding what this topic is about -- packages > > install for me. > > RPM doesn't support subkeys, but we do not provide separate DSA key. Easy to > test: > > 1. disable using keyserver: %_hkp_keyserver %{nil} > 2. import joined key we do provide: > rpm --import /etc/pki/rpm-gpg/PLD-3.0-Th-GPG-key.asc > 3. try to verify any PLD package. > > > but, i could upload the files if you make concrete request with details > > what needs to be done, > > GPG key that is being used for package signing needs to published (the > public part of course). Note the singular 'key', NOT plural 'keyS'. One > per file, if there are multiple keys used. Currently > ftp://ftp.pld-linux.org/dists/3.0/PLD-3.0-Th-GPG-key.asc provides two > (however I haven't seen any package signed by RSA one, AFAIR.)
Done. I removed RSA key from the ftp://ftp.pld-linux.org/dists/3.0/PLD-3.0-Th-GPG-key.asc file, as we indeed sign only with DSA key. -- Jan Rękorajski | PLD/Linux SysAdm | baggins<at>pld-linux.org | http://www.pld-linux.org/ _______________________________________________ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en