http://fedora.redhat.com/ and GPG Signatures

CJ Kucera fedora at apocalyptech.com
Fri Apr 23 20:56:37 UTC 2004


Hello, I've asked around a bit and apparently this is the best place
to send this through, so here goes:

On the Fedora website, in particular:
    http://fedora.redhat.com/about/security/

Two links are given for the primary Fedora package signing key, one at
fedora.redhat.com, and the other at the public keyserver pgp.mit.edu.
I've been trying to figure out why the key I've been using hasn't
been validating RPMs properly, and as it turns out, the key being
given at pgp.mit.edu is *different* from the key at fedora.redhat.com.

This was a bit confusing, as both keys had the same datestamp and the
same ID, so I've been beating my head against the wall for some time
now.  The one hosted at fedora.redhat.com works, the one at pgp.mit.edu
doesn't.  Now obviously the one at pgp.mit.edu should probably be
updated somehow to be the correct key, but in the meantime it'd be
great if the website mentioned something along the lines of, "don't
grab the one at pgp.mit.edu because it won't work" and took that
link off of there, so that people like me who generally *only* use
public keyservers won't spend a lot of time confused.  :)

Thanks!

-CJ

-- 
WOW: Kakistocracy        |  "The ships hung in the sky in much the same
apocalyptech.com/wow     |    way that bricks don't." - Douglas Adams,
fedora at apocalyptech.com  |     _The Hitchhiker's Guide To The Galaxy_




