There are two links for Fedora Legacy's GPG key - at http://www.fedoralegacy.org/about/security.php The two keys that you obtain by following them are different. I compared them because I was wanting to verify that the one for downloading hadn't been tampered with. Maybe this is how it is meant to be, but not being a GPG expert, I wouldn't know. If it is how it is meant to be, it ought to be explained on the website. ------- Additional Comments From Freedom_Lover 2004-02-13 11:23:19 ---- David, I assume you downloaded both keys and ran diff or something on them? If so, that's expected. The ASCII armoring of the keys can and often does differ, but that's harmless. What's important is that the key id and fingerprint are the same. Importing the keys into gpg indeed shows that they match. The only difference between the key on the website and the one on the keyserver is that the key on the keyserver is signed by Jesse Keating, intrepid leader of the Legacy project. There was a recent post on the gnupg-users list regarding the differences in ASCI armored output between a local key export and that from a keyserver. One of the GnuPG developers, David Shaw, answered it here: http://lists.gnupg.org/pipermail/gnupg-users/2004-January/021403.html Hope this helps. BTW, Jesse (if you're reading this), can you add a nnote to you TODO list to check the fingerprint of the Legacy key and post that eother to the list or confirm it to Eric so he can add that info to the website? ------- Bug moved to this database by dkl 2005-03-30 18:23 ------- This bug previously known as bug 1290 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=1290 Originally filed under the Fedora Legacy product and General component. Unknown priority P2. Setting to default priority "normal". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.