Mime-Version: |
1.0 |
Sender: |
|
Date: |
Fri, 24 Feb 2012 00:50:42 +0400 |
Reply-To: |
|
Subject: |
|
From: |
|
Content-Transfer-Encoding: |
7bit |
In-Reply-To: |
|
Content-Type: |
text/plain |
Comments: |
|
Parts/Attachments: |
|
|
On Wed, 2012-02-22 at 11:36 -0600, Pat Riehecky wrote:
> Can I have you check again with rpmdev-checksig? The zlib rpm you
> listed below is signed by TUV and by SL, perhaps it is only checking the
> one key.
First of all, sorry for "lot of sources packages are not signed at all"
mistake -- just have not noticed the lower "pgp" string. :(
Well,
> # rpmdev-checksig zlib-1.2.3-27.el6.src.rpm
> zlib-1.2.3-27.el6.src.rpm: DSA/SHA1 - 192a7d7d -
<[log in to unmask]>
it shows gpg key only, and this key is OK.
> # rpm -K zlib-1.2.3-27.el6.src.rpm
> zlib-1.2.3-27.el6.src.rpm: (sha1) dsa sha1 (MD5) PGP md5 gpg NOT OK
Here I see that "gpg" seems OK, but "PGP" (and "MD5" ?) not.
Maybe it is due to I run it under Fedora 12 with rpm-4.7.2 ?
BTW, what is a reason to sign already TUV-signed package again by SL
sign (if it is actually a case)?
Regards,
Dmitry Butskoy
|
|
|