Red Hat Bugzilla – Bug 152671
The two listed locations for Fedora Legacy's GPG key show different data
Last modified: 2008-05-01 11:38:06 EDT
There are two links for Fedora Legacy's GPG key - at
The two keys that you obtain by following them are different. I compared them
because I was wanting to verify that the one for downloading hadn't been
Maybe this is how it is meant to be, but not being a GPG expert, I wouldn't
know. If it is how it is meant to be, it ought to be explained on the website.
------- Additional Comments From Freedom_Lover@pobox.com 2004-02-13 11:23:19 ----
I assume you downloaded both keys and ran diff or something on them? If so,
that's expected. The ASCII armoring of the keys can and often does differ, but
What's important is that the key id and fingerprint are the same. Importing the
keys into gpg indeed shows that they match. The only difference between the key
on the website and the one on the keyserver is that the key on the keyserver is
signed by Jesse Keating, intrepid leader of the Legacy project.
There was a recent post on the gnupg-users list regarding the differences in
ASCI armored output between a local key export and that from a keyserver. One
of the GnuPG developers, David Shaw, answered it here:
Hope this helps.
BTW, Jesse (if you're reading this), can you add a nnote to you TODO list to
check the fingerprint of the Legacy key and post that eother to the list or
confirm it to Eric so he can add that info to the website?
------- Bug moved to this database by email@example.com 2005-03-30 18:23 -------
This bug previously known as bug 1290 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and General component.
Unknown priority P2. Setting to default priority "normal".
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.