another RHL9 kernel patch.

[Carlos Villegas]

On Fri, Jun 18, 2004 at 09:12:48AM -0700, Jesse Keating wrote:
> On Friday 18 June 2004 09:09, Jon Peatfield wrote:
> > and the --checksig -v *still* shows that keyid 5178e2a5 is unknown.
> >
> > What am I doing wrong?  Should I get the public key some other way?
> 
> Try importing it into root's key, or whoever you're running rpm as.

No, that was the case for RH 7.x, he is using RH9. I'm not sure
why that happened, but I guess that signature you got from mit is
signed, and that's a know problem. 

However you shouldn't need to do that:

1. You can check that the srpm is the same by verifying the sha1sum
in the signed message (and verifying the signature of that
message containing the sha1sum). 

2. I wouldn't import any individual keys to the rpm db just to
check that, maybe I'm too paranoid :)

3. When the rpm is released it will be signed with the Fedora Legacy
Key, and as long as that works you're ok.

Carlos