Bug 8073 - Missing gpg key
Summary: Missing gpg key
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sharutils
Version: 6.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Preston Brown
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 1999-12-30 22:20 UTC by orders1
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2000-01-14 02:41:28 UTC

Attachments (Terms of Use)

Description orders1 1999-12-30 22:20:13 UTC
sharutils-4.2.1-1.6.1.i386.rpm is not signed by Redhat gpg key.
Don't know about other architectures.

Comment 1 cobbe 1999-12-31 16:55:59 UTC
The corresponding SRPM isn't signed either.

Comment 2 Aleksey Nogin 2000-01-03 21:04:59 UTC
Also, sharutils-4.2.1-1.5.2.i386.rpm isn't signed.

I noticed, that this problem (unsigned packages in updates) occurs quite often.
Do you think it would make sense to write a script that checks all the packages
submitted to updates for being properly signed?

Comment 3 berv01 2000-01-05 04:42:59 UTC
What I noticed was that the md5sum from the package (sharutils-4.2.1-1.6.1) did
not match the one on the advisory web page, at least for the i386 and SRPMS. I
wonder what caused this...

Comment 4 Preston Brown 2000-01-14 02:41:59 UTC
this has been fixed.

Note You need to log in before you can comment on or make changes to this bug.