Re: [newbie] Renew gpg key

[Dick Gevers]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello Fajar,

On Tue, 30 Sep 2003 08:08:31 +0700, Fajar Priyanto [EMAIL PROTECTED]
wrote about [newbie] Renew gpg key:

Dear all,
I've just realized that today my gpg key is expired.
How do I renew it without importing and signing all my friends' key again?

gpg --edit-key 0xdeadbeef expire

Regards,
=Dick Gevers=

.
Mandrake visibility? See headers...
.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Encryption is an envelope - the contents are private.

iD8DBQE/eeXZwC/zk+cxEdMRAqEEAJ4qmIdYZJ/kxfDTwGTTArRe6kLKyACg62ah
4tSDsiM8riSff4NBXw2+uOw=
=SbQE
-END PGP SIGNATURE-

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie-it] gpg

[Luigi Pinna]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Alle 21:33, lunedì 16 giugno 2003, miKe ha scritto:
 Alle 23:42, domenica 15 giugno 2003,  in merito a Re: [newbie-it]
...
 hai già provato a dare
 gpg --edit-key ..
 e quindi segnare l' uid che vuoi come predefinito  con 'uid 3 '
 e dargli 'primary'  ?

No, non avevo provato! Adesso funziona (ho appena fatto una prova).
Grazie!
- -- 
E' stata una donna a portarmi all'alcolismo, ed io non ho mai avuto la
cortesia di ringraziarla.
-- W. C. Fields
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+7shoTvJtVxCNwP4RAmdFAKCNYmR6FQLJCuvyK5arXZd0eS66egCghfZr
jHTQNGJXzoDh13ACPYp9gDY=
=sijz
-END PGP SIGNATURE-

Re: [newbie-it] gpg

[miKe]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Alle 23:42, domenica 15 giugno 2003,  in merito a Re: [newbie-it] gpg,  
Luigi Pinna   ha scritto:
 Alle 01:01, domenica 15 giugno 2003, miKe ha scritto:
  Alle 02:51, giovedì 12 giugno 2003,  in merito a [newbie-it] gpg,
  Luigi
 
  Pinna   ha scritto:
   Come faccio? lo fa solo con l'identità principale!!!
   Nel senso che non mi firma più con l'identità principale!
 
  spiegaci meglio..
  ti firma solo con l'dentità principale o non ti firma?

 Il contrario!
 Ho 3 chiavi, la principale (a) non viene più usata anche se
 selezionata mentre (b) e (c) vengono usate. In pratica il posto di
 (a) mi usa (c)

   Cercando di settare il uid come primario il programma me lo ha
   impedito! Che fare?
 
  la chiave che vuoi usare come principale l'hai trustata?
  (le hai dato la tua fiducia e l'hai processata con  sign?)

 Questo è l'output di gpg; come puoi vedere è trustata. Peccato che la
 chiave a cui si riferisca è quella di (a) e non di (c)!

 gpg --edit-key ...
 gpg (GnuPG) 1.2.2; Copyright (C) 2003 Free Software Foundation, Inc.
 This program comes with ABSOLUTELY NO WARRANTY.
 This is free software, and you are welcome to redistribute it
 under certain conditions. See the file COPYING for details.

 È disponibile una chiave segreta.

 pub  1024D/DC9798AB  creata: 2002-09-12 scade: 2003-09-12 fiducia:
 u/u sub  1024g/2688BBE3  creata: 2002-09-12 scade: 2003-09-12
 (1). (c)
 (2)  (a)
 (3)  (b)

hai già provato a dare 
gpg --edit-key ...
e quindi segnare l' uid che vuoi come predefinito  con 'uid 3 ' 
e dargli 'primary'  ?


- -- 

bye

miKe




Slackware 8.1 GNU/Linux 2.4.21 @ hp  Xe3
R.U.#219755 -- S.R.U.#705 -- R.M.#110932



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+7ht5F/9fksDJ4y0RArrsAJ9+wBK6fyrNx6uF0KacpwnKB8MfrACfeLKZ
NyBGJ2RgSctonEC/Q7U5I+Y=
=F/uo
-END PGP SIGNATURE-

Re: [newbie-it] gpg

[Luigi Pinna]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Alle 01:01, domenica 15 giugno 2003, miKe ha scritto:
 Alle 02:51, giovedì 12 giugno 2003,  in merito a [newbie-it] gpg, 
 Luigi

 Pinna   ha scritto:
  Come faccio? lo fa solo con l'identità principale!!!
  Nel senso che non mi firma più con l'identità principale!

 spiegaci meglio..
 ti firma solo con l'dentità principale o non ti firma?

Il contrario!
Ho 3 chiavi, la principale (a) non viene più usata anche se selezionata 
mentre (b) e (c) vengono usate. In pratica il posto di (a) mi usa (c)


  Cercando di settare il uid come primario il programma me lo ha
  impedito! Che fare?

 la chiave che vuoi usare come principale l'hai trustata?
 (le hai dato la tua fiducia e l'hai processata con  sign?)

Questo è l'output di gpg; come puoi vedere è trustata. Peccato che la 
chiave a cui si riferisca è quella di (a) e non di (c)!

gpg --edit-key ...
gpg (GnuPG) 1.2.2; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

È disponibile una chiave segreta.

pub  1024D/DC9798AB  creata: 2002-09-12 scade: 2003-09-12 fiducia: u/u
sub  1024g/2688BBE3  creata: 2002-09-12 scade: 2003-09-12
(1). (c)
(2)  (a)
(3)  (b)


- -- 
Come spieghi cos'e' la scuola ad un'intelligenza superiore?
-- Elliot, E.T.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+7OhNTvJtVxCNwP4RArP2AJ9s/ZP2QXzRSciuD0U6xgDFMfhhXQCfTUCf
up2A3WvTR0aMSJ60iFrBCwE=
=IqDk
-END PGP SIGNATURE-

[newbie-it] gpg

[Luigi Pinna]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ciao a tutti! Siccome possiedo diversi account email e ho deciso che 
era
più semplice creare diverse chiavi private, mi ritrovo ora con 3 chiavi
private e altrettante pubbliche.
Il problema nasce dal fatto che Kmail mi sta firmando in una cartella
con l'identità sbagliata!
Come faccio? lo fa solo con l'identità principale!!!
Nel senso che non mi firma più con l'identità principale!
Cercando di settare il uid come primario il programma me lo ha impedito!
Che fare?
- --
Ho una mappa esistenziale.  Ha Voi siete qui scritto dappertutto.
-- Steven Wright
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+586cTvJtVxCNwP4RAonUAJ9F35zAMSA0eLejF2I6I37vhmUVgwCg1Mie
jRsxyUT+4BoYub4InFxflAk=
=+KLJ
-END PGP SIGNATURE-

Re: [newbie] No GPG signature?

[eric huff]

 The risks may be small, but last year the openssh project site  (I think
 it was openssh)  was hacked and a malicious .tar.gz file was substituted
 in the download area. It was about a week before anyone noticed.

 To put someones gpg identity on your key ring. Download their public key
 which you will find somewhere on their download site and in a root
 terminal enter ' gpg --import key_file_name'

The problem is often that the rpm's aren't signed to begin with...

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re[2]: [newbie] No GPG signature?

[rikona]

Hello eric,

Monday, June 2, 2003, 11:20:10 PM, you wrote:

eh I asked the same ? and a couple people said not to worry about it if it was 
eh from one of the known/respected sites. I guess it would depend on just 
eh how paranoid you are

I have a large amount of valuable-to-me info on my local net. I was
also a victim of identity theft - a terrible experience. My paranoia
index is QUITE high!

Hello Charles,

Tuesday, June 3, 2003, 5:53:18 AM, you wrote:

CAE Normally, since Contrib is not 'officially' maintained
CAE some/many/most Contrib rpms are not signed.

I think this was what the MD install was complaining about.

CAE I did the sylpheed-claws rpms and I believe that Lenny did the one for
CAE 'plain' sylpheed.

Thanks for your contribution.

Hello Derek,

Tuesday, June 3, 2003, 2:44:40 AM, you wrote:

DJ If the package is coming from a 'respectable' site, then the risk
DJ is small.

OK - I'll install it and hope for the best. :-)

-- 
Thank you,
 rikonamailto:[EMAIL PROTECTED]


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

[newbie] No GPG signature?

[rikona]

Hello,

I downloaded sylpheed from a contrib mirror, and during the install I
get a message 'No GPG signature in package'. Does this imply a
security risk in installing the package? I didn't get this in 9.0. Is
this a new check in 9.1 or is the package really different?

Thanks.

-- 
Best regards,
 rikona  mailto:[EMAIL PROTECTED]


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] No GPG signature?

[eric huff]

I asked the same ? and a couple people said not to worry about it if it was 
from one of the known/respected sites. I guess it would depend on just 
how paranoid you are

If the sig is borked (ie you actually did download the key, the package has 
one, *and* you get an error) that might be a problem.

eric

On Mon June 2 2003 10:34 pm, rikona wrote:
 I downloaded sylpheed from a contrib mirror, and during the install I
 get a message 'No GPG signature in package'. Does this imply a
 security risk in installing the package? I didn't get this in 9.0. Is
 this a new check in 9.1 or is the package really different?


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [newbie] No GPG signature?

[Charles A Edwards]

On Mon, 2 Jun 2003 22:34:12 -0700
rikona [EMAIL PROTECTED] wrote:

 I downloaded sylpheed from a contrib mirror, and during the install I
 get a message 'No GPG signature in package'. Does this imply a
 security risk in installing the package? I didn't get this in 9.0. Is
 this a new check in 9.1 or is the package really different?


Normally, since Contrib is not 'officially' maintained some/many/most
Contrib rpms are not signed.
I did the sylpheed-claws rpms and I believe that Lenny did the one for
'plain' sylpheed.


Charles

-- 
The best portion of a good man's life, his little, nameless,
unremembered acts
of kindness and love.
-- Wordsworth
-
Mandrake Linux 9.2 on PurpleDragon
Kernel-enterprise-2.4.21.0rc1.1mdk
-


pgp0.pgp
Description: PGP signature

Re: [newbie] RPM GPG.

[Stephen Kuhn]

On Mon, 2002-11-11 at 17:06, Seedkum Aladeem wrote:
 Hi,
 
 I was trying to install an rpm package using the software installer that came 
 with LM9.0 and its KDE gui. Using Konqueror, I right clicked on the rpm 
 package on the source ftp site then I selected software installer from the 
 pop-up window. A short while later I got this message No GPG signature in 
 package. Do you want to install anyway? I was trying to install the 
 following package:
 ftp://icarus.com/pub/eda/verilog/v0.6/RPMS/verilog-0.6-0.i386.rpm
 How dangerous is it to go ahead with the install?
 
 Thanx,
 
 Seedkum
 
OH MY GOD - IT COULD BE HORRIBLY DANGEROUS! (Not!)
Having the GPG sig is only really reassurance that it's not been messed
with by anyone but the author (or packager)...so by installing it
without the GPG sig, you're just assuming that the package is alright
and sticking it on your system FAITHFULLY...I personally don't think
that a script kiddie is going to muck around with an RPM...that is, IF
a script kiddie even knew what an RPM was in the first place...

-- 
Mon Nov 11 22:40:00 EST 2002


|____  |
|   /  \ /| |'-.   |
|  .\__/ || |   |  |
|   _ /  `._ \|_|_.-'  |
|  | /  \__.`=._) (_   |kuhn media australia
|  |/ ._/  || |http://kma.0catch.com
|  |'.  `\ | | |stephen kuhn
|  ;/ / | | |email: [EMAIL PROTECTED]
|  smk  ) /_/| |.---.| |mobile: 0410-728-389
|  '  `-`'   |


I hope you millionaires are having fun!  I just invested half your life
savings in yeast!!


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

[newbie] RPM GPG.

[Seedkum Aladeem]

Hi,

I was trying to install an rpm package using the software installer that came 
with LM9.0 and its KDE gui. Using Konqueror, I right clicked on the rpm 
package on the source ftp site then I selected software installer from the 
pop-up window. A short while later I got this message No GPG signature in 
package. Do you want to install anyway? I was trying to install the 
following package:
ftp://icarus.com/pub/eda/verilog/v0.6/RPMS/verilog-0.6-0.i386.rpm
How dangerous is it to go ahead with the install?

Thanx,

Seedkum



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com