Re: Apt-get package verification
On Tuesday 13 February 2001 15:02, marcoghidinelli wrote:
> On Sat, Feb 10, 2001 at 02:52:57PM -0600, Bud Rogers wrote:
> > I have the same problem with Martin Schulze's sigs. I've retrieved
> > the debian keyring from the website and from my CD, I've manually
> > retrieved his key from public keyservers and from the debian
> > website All the fingerprints match. I've signed his key on my
> > keyring. I even tried giving it full trust. His sigs are still
> > flagged as bad here.
> sure?? all the debian-security-announce was correctly signed..
Yes. Wichert's signature yesterday on dsa-030-1 appeared bad here
also. At least my mailer marked it as bad. I saved the email and
tried to verify it manually. Here's what I get:
budr@twocups:~$ gpg --verify dsa-030-1
gpg: Signature made Mon Feb 12 11:11:53 2001 CST using RSA key ID
gpg: BAD signature from "Wichert Akkerman <firstname.lastname@example.org>"
I'm satisfied Wichert's signature is not bad, nor is Martin's. I just
haven't figured out how to make them good at my end. Sorry, I don't
mean to be a pest. I would like to get this right.
Bud Rogers <email@example.com> http://www.sirinet.net/~budr/zamm.html
All things in moderation. And not too much moderation either.