Bug 8073 - Missing gpg key
Summary: Missing gpg key
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sharutils
Version: 6.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Preston Brown
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-12-30 22:20 UTC by orders1
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2000-01-14 02:41:28 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description orders1 1999-12-30 22:20:13 UTC 
sharutils-4.2.1-1.6.1.i386.rpm is not signed by Redhat gpg key.
Don't know about other architectures.
Comment 1 cobbe 1999-12-31 16:55:59 UTC 
The corresponding SRPM isn't signed either.
Comment 2 Aleksey Nogin 2000-01-03 21:04:59 UTC 
Also, sharutils-4.2.1-1.5.2.i386.rpm isn't signed.

I noticed, that this problem (unsigned packages in updates) occurs quite often.
Do you think it would make sense to write a script that checks all the packages
submitted to updates for being properly signed?
Comment 3 berv01 2000-01-05 04:42:59 UTC 
What I noticed was that the md5sum from the package (sharutils-4.2.1-1.6.1) did
not match the one on the advisory web page, at least for the i386 and SRPMS. I
wonder what caused this...
Comment 4 Preston Brown 2000-01-14 02:41:59 UTC 
this has been fixed.
Note You need to log in before you can comment on or make changes to this bug.