|Summary:||Missing gpg key|
|Product:||[Retired] Red Hat Linux||Reporter:||orders1|
|Component:||sharutils||Assignee:||Preston Brown <pbrown>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2000-01-14 02:41:28 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description orders1 1999-12-30 22:20:13 UTC
sharutils-4.2.1-1.6.1.i386.rpm is not signed by Redhat gpg key. Don't know about other architectures.
Comment 1 cobbe 1999-12-31 16:55:59 UTC
The corresponding SRPM isn't signed either.
Comment 2 Aleksey Nogin 2000-01-03 21:04:59 UTC
Also, sharutils-4.2.1-1.5.2.i386.rpm isn't signed. I noticed, that this problem (unsigned packages in updates) occurs quite often. Do you think it would make sense to write a script that checks all the packages submitted to updates for being properly signed?
Comment 3 berv01 2000-01-05 04:42:59 UTC
What I noticed was that the md5sum from the package (sharutils-4.2.1-1.6.1) did not match the one on the advisory web page, at least for the i386 and SRPMS. I wonder what caused this...
Comment 4 Preston Brown 2000-01-14 02:41:59 UTC
this has been fixed.