Bug 1485017 - Fingerprint of key used to sign Fedora-Workstation-26-1.5-x86_64-CHECKSUM is output with an extra space between groups
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: fedora-repos
Version: 26
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Dennis Gilmore
QA Contact: Fedora Extras Quality Assurance
Reported: 2017-08-24 20:52 UTC by fropeter
Modified: 2017-08-26 19:02 UTC (History)

Last Closed: 2017-08-26 19:02:08 UTC
Type: Bug

Description fropeter 2017-08-24 20:52:35 UTC
Description of problem:

First: I suspect that this is not an issue to worry about, but to be absolutely sure, I'm reporting this.

Second: This might be an error in gpg; I would like this to be decided by someone who has more knowledge about keys, deployment and such matters.


Running

    gpg --verify-files *-CHECKSUM

on Fedora-Workstation-netinst-x86_64-26-1.5.iso succeeds.

However, the key used is reported to have a fingerprint that differs from what it should be by an extra space character between two groups of characters.

The key was downloaded with

    curl https://getfedora.org/static/fedora.gpg | gpg --import

Version-Release number of selected component (if applicable):

    Fedora-Workstation-netinst-x86_64-26-1.5.iso
    Fedora-Workstation-26-1.5-x86_64-CHECKSUM

How reproducible:
This is run on Fedora 24, no updates available. (I know it's EOL, but I don't think that is relevant unless this is a gpg bug that is fixed in later versions. I couldn't find any bug reports relevant to this.)

Steps to Reproduce:
1.

$ LANG=en gpg --verify-files *-CHECKSUM
gpg: Signature made Fri Jul  7 17:13:31 2017 CEST using RSA key ID 64DAB85D
gpg: Good signature from "Fedora 26 Primary (26) <fedora-26-primary>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA B85D
$

2.
Compare fingerprint to Fedora 26 primary fingerprint on website at
    https://getfedora.org/en/keys/


Actual results:
E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA B85D
                         ^
                    Extra space here

Expected results:
E641 850B 77DF 4353 78D1 D7E2 812A 6B4B 64DA B85D

Additional info:
I believe that the spaces are just for readability, and that they are not included in the actual fingerprints. Still, with keys being as important as they are, any confusion regarding their validity should be removed.
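
An added example, not part of the bug report: one way to compare the fingerprint gpg prints with the published one so that display spacing cannot matter, and to read the signer's fingerprint from gpg's machine-readable status output instead of the human-readable line. The function names are hypothetical and the status line is a constructed sample built around the fingerprint quoted in the report.

```shell
#!/bin/sh
# Added example (not from the bug report): compare OpenPGP fingerprints
# without depending on how gpg or a web page groups the hex digits.

# From the report: gpg's display form (double space) and the expected form.
GPG_OUTPUT_FPR='E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA B85D'
WEBSITE_FPR='E641 850B 77DF 4353 78D1 D7E2 812A 6B4B 64DA B85D'

# Constructed sample of one `gpg --status-fd 1 --verify` line; only the
# fingerprint and signature time come from the report, the rest is made up.
SAMPLE_STATUS='[GNUPG:] VALIDSIG E641850B77DF435378D1D7E2812A6B4B64DAB85D 2017-07-07 1499440411 0 4 0 1 8 00 E641850B77DF435378D1D7E2812A6B4B64DAB85D'

# Print the canonical form (40 upper-case hex digits) of a v4 fingerprint.
# Fails on anything else, e.g. an 8-digit key ID such as 64DAB85D.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    case "$fpr" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# Exit 0 if both arguments name the same key, 1 if they differ,
# 2 if either is not a full fingerprint.
same_fpr() {
    a=$(normalize_fpr "$1") || return 2
    b=$(normalize_fpr "$2") || return 2
    [ "$a" = "$b" ]
}

# Read gpg status lines on stdin and print the primary-key fingerprint of
# the first VALIDSIG record (last field; older gpg omits it, so fall back
# to the signing-key fingerprint in field 3).
validsig_primary_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print (NF >= 12 ? $12 : $3); exit }'
}

# Demo on the embedded data. Against a real file the input would be:
#   gpg --status-fd 1 --verify Fedora-Workstation-26-1.5-x86_64-CHECKSUM 2>/dev/null
signer=$(printf '%s\n' "$SAMPLE_STATUS" | validsig_primary_fpr)
if same_fpr "$signer" "$WEBSITE_FPR" && same_fpr "$GPG_OUTPUT_FPR" "$WEBSITE_FPR"; then
    echo "fingerprints match: $(normalize_fpr "$WEBSITE_FPR")"
else
    echo "fingerprint mismatch or malformed input" >&2
fi
```

The length check matters as much as the whitespace stripping: a short key ID like the `64DAB85D` shown in the "Signature made" line is rejected rather than treated as a fingerprint.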

Comment 1 Kevin Fenzi 2017-08-26 19:02:08 UTC
I've filed https://pagure.io/fedora-websites/issue/707 for the websites team to look at this. Please do follow along there for their solution. 

Thanks for reporting!

