Re: Apt-get package verification

[Bud Rogers <budr@sirinet.net>]

On Tuesday 13 February 2001 15:02, marcoghidinelli wrote:
> On Sat, Feb 10, 2001 at 02:52:57PM -0600, Bud Rogers wrote:

> > I have the same problem with Martin Schulze's sigs.  I've retrieved
> > the debian keyring from the website and from my CD,  I've manually
> > retrieved his key from public keyservers and from the debian
> > website All the fingerprints match.  I've signed his key on my
> > keyring.  I even tried giving it full trust.  His sigs are still
> > flagged as bad here.
>
> sure?? all the debian-security-announce was correctly signed..

Yes.  Wichert's signature yesterday on dsa-030-1 appeared bad here 
also.  At least my mailer marked it as bad.  I saved the email and 
tried to verify it manually.  Here's what I get:

budr@twocups:~$ gpg --verify dsa-030-1 
gpg: Signature made Mon Feb 12 11:11:53 2001 CST using RSA key ID 
ED9547ED 
gpg: BAD signature from "Wichert Akkerman <wakkerma@wi.leidenuniv.nl>" 
budr@twocups:~$ 

I'm satisfied Wichert's signature is not bad, nor is Martin's.  I just 
haven't figured out how to make them good at my end.  Sorry, I don't 
mean to be a pest.  I would like to get this right.

-- 
Bud Rogers <budr@sirinet.net>   http://www.sirinet.net/~budr/zamm.html
    All things in moderation.  And not too much moderation either.