 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Fri, 24 Feb 2012 00:50:42 +0400 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
On Wed, 2012-02-22 at 11:36 -0600, Pat Riehecky wrote:
> Can I have you check again with rpmdev-checksig? The zlib rpm you
> listed below is signed by TUV and by SL, perhaps it is only checking the
> one key.
First of all, sorry for "lot of sources packages are not signed at all"
mistake -- just have not noticed the lower "pgp" string. :(
Well,
> # rpmdev-checksig zlib-1.2.3-27.el6.src.rpm
> zlib-1.2.3-27.el6.src.rpm: DSA/SHA1 - 192a7d7d -
<[log in to unmask]>
it shows gpg key only, and this key is OK.
> # rpm -K zlib-1.2.3-27.el6.src.rpm
> zlib-1.2.3-27.el6.src.rpm: (sha1) dsa sha1 (MD5) PGP md5 gpg NOT OK
Here I see that "gpg" seems OK, but "PGP" (and "MD5" ?) not.
Maybe it is due to I run it under Fedora 12 with rpm-4.7.2 ?
BTW, what is a reason to sign already TUV-signed package again by SL
sign (if it is actually a case)?
Regards,
Dmitry Butskoy
|
|
|
