[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #25791] grep-2.5.4 source tarball signed with wrong/inaccessible pu

From: Bernard Leak
Subject: [bug #25791] grep-2.5.4 source tarball signed with wrong/inaccessible public key
Date: Sun, 08 Mar 2009 11:26:45 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a4pre) Gecko/20080310 SeaMonkey/1.5a


                 Summary: grep-2.5.4 source tarball signed with
wrong/inaccessible public key
                 Project: grep
            Submitted by: brendaarkle
            Submitted on: Sun 08 Mar 2009 11:26:42 AM GMT
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any



I've just downloaded grep-2.5.4.tar.bz2 and its accompanying
.sig file.

gpg --verify *.sig produced...

gpg: Signature made Tue 10 Feb 2009 04:42:18 GMT using DSA key ID 9F759EEC
gpg: Can't check signature: public key not found

My "fetch" script (running from the MIT server) said the
key wasn't found.

Searching on the web for 9F759EEC produced a link to
which no longer has a trace of this key  Moreover, it helpfully
tells me that I can import the keyring into gpg after
downloading it, but not where I can find it in the first place.

Clearly, this is a key which used to exist but has now been
withdrawn... but still, what is going on?


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]