[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #25791] grep-2.5.4 source tarball signed with wrong/inaccessible pu
|
From: |
Bernard Leak |
|
Subject: |
[bug #25791] grep-2.5.4 source tarball signed with wrong/inaccessible public key |
|
Date: |
Sun, 08 Mar 2009 11:26:45 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a4pre) Gecko/20080310 SeaMonkey/1.5a |
URL:
<http://savannah.gnu.org/bugs/?25791>
Summary: grep-2.5.4 source tarball signed with
wrong/inaccessible public key
Project: grep
Submitted by: brendaarkle
Submitted on: Sun 08 Mar 2009 11:26:42 AM GMT
Category: None
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
I've just downloaded grep-2.5.4.tar.bz2 and its accompanying
.sig file.
gpg --verify *.sig produced...
gpg: Signature made Tue 10 Feb 2009 04:42:18 GMT using DSA key ID 9F759EEC
gpg: Can't check signature: public key not found
My "fetch" script (running from the MIT server) said the
key wasn't found.
Searching on the web for 9F759EEC produced a link to
https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=grep
which no longer has a trace of this key Moreover, it helpfully
tells me that I can import the keyring into gpg after
downloading it, but not where I can find it in the first place.
Clearly, this is a key which used to exist but has now been
withdrawn... but still, what is going on?
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?25791>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug #25791] grep-2.5.4 source tarball signed with wrong/inaccessible public key,
Bernard Leak <=