Bug 8073

Summary: Missing gpg key
Product: [Retired] Red Hat Linux Reporter: orders1
Component: sharutilsAssignee: Preston Brown <pbrown>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1CC: aleksey
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-01-14 02:41:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description orders1 1999-12-30 22:20:13 UTC
sharutils-4.2.1-1.6.1.i386.rpm is not signed by Redhat gpg key.
Don't know about other architectures.

Comment 1 cobbe 1999-12-31 16:55:59 UTC
The corresponding SRPM isn't signed either.

Comment 2 Aleksey Nogin 2000-01-03 21:04:59 UTC
Also, sharutils-4.2.1-1.5.2.i386.rpm isn't signed.

I noticed, that this problem (unsigned packages in updates) occurs quite often.
Do you think it would make sense to write a script that checks all the packages
submitted to updates for being properly signed?

Comment 3 berv01 2000-01-05 04:42:59 UTC
What I noticed was that the md5sum from the package (sharutils-4.2.1-1.6.1) did
not match the one on the advisory web page, at least for the i386 and SRPMS. I
wonder what caused this...

Comment 4 Preston Brown 2000-01-14 02:41:59 UTC
this has been fixed.