8073 – Missing gpg key

Bug 8073 - Missing gpg key

Summary: Missing gpg key

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	sharutils
Sub Component:
Version:	6.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Preston Brown
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-12-30 22:20 UTC by orders1
Modified:	2008-05-01 15:37 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2000-01-14 02:41:28 UTC
Embargoed:

Attachments	(Terms of Use)

Description orders1 1999-12-30 22:20:13 UTC

sharutils-4.2.1-1.6.1.i386.rpm is not signed by Redhat gpg key.
Don't know about other architectures.

Comment 1 cobbe 1999-12-31 16:55:59 UTC

The corresponding SRPM isn't signed either.

Comment 2 Aleksey Nogin 2000-01-03 21:04:59 UTC

Also, sharutils-4.2.1-1.5.2.i386.rpm isn't signed.

I noticed, that this problem (unsigned packages in updates) occurs quite often.
Do you think it would make sense to write a script that checks all the packages
submitted to updates for being properly signed?

Comment 3 berv01 2000-01-05 04:42:59 UTC

What I noticed was that the md5sum from the package (sharutils-4.2.1-1.6.1) did
not match the one on the advisory web page, at least for the i386 and SRPMS. I
wonder what caused this...

Comment 4 Preston Brown 2000-01-14 02:41:59 UTC

this has been fixed.

Note You need to log in before you can comment on or make changes to this bug.