up2date: package not signed with a GPG-key (aborting...)

Michael Schwendt ms-nospam-0306 at arcor.de
Sun Nov 30 04:41:27 UTC 2003


On Sun, 30 Nov 2003 03:54:28 +0100, A.J. Bonnema wrote:

> Michael Schwendt wrote:
> > Visit the home pages of the package repositories in your sources list
> > and retrieve the missing GPG keys.
> > 
> > E.g. read the instructions at http://rpm.livna.org/
> > 
> > 
> > http://rpm.livna.org/RPM-LIVNA-GPG-KEY
> > http://www.fedora.us/FEDORA-GPG-KEY
> > 
> 
> Ok, thank you very much, that did it. I thought I had all the keys, but 
> obviously fedora.us-key was missing.
> 
> Still the error message is at least misleading.
> It says: "Package aalib-1.4.0-0.fdr.0.8.rc5.1 does not have a GPG signature"
> 
> In other words, it says the package is the problem, where it should you: 
> hey, the Fedora.us key is missing, please import.
> 
> Should this be a bug in bugzilla? Or a feature request? (new ground to me).

Sounds a bit like it could be a known bug or deficiency. Checking
http://bugzilla.redhat.com might answer whether it is known already. If
it isn't and if you can demonstrate that the downloaded aalib package is
really signed (rpm -Kv aalib*.rpm) and verifies as good, submitting a
bug report shouldn't hurt anyone. Such misleading error messages are not
good.

-- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20031130/611ba9bf/attachment-0001.sig>


More information about the fedora-list mailing list