[fedora-websites] Issue #707: extra spaces in gpg key fingerprints

kevin reported a new issue against the project: `fedora-websites` that you are following:
``
See: https://bugzilla.redhat.com/show_bug.cgi?id=1485017

"First: I suspect that this is not an issue to worry about, but to be absolutely
sure, I'm reporting this.

Second: This might be an error in gpg; I would like this to be decided by
someone who has more knowledge about keys, deployment and such matters.


Running

    gpg --verify-files *-CHECKSUM

on Fedora-Workstation-netinst-x86_64-26-1.5.iso succeeds.

However, the key used is reported to have a fingerprint that differs from what
it should be by an extra space character between two groups of characters.

The key was downloaded with

    curl https://getfedora.org/static/fedora.gpg | gpg --import

Version-Release number of selected component (if applicable):

    Fedora-Workstation-netinst-x86_64-26-1.5.iso
    Fedora-Workstation-26-1.5-x86_64-CHECKSUM

How reproducible:
This is run on Fedora 24, no updates available. (I know it's EOL, but I don't
think that is relevant unless this is a gpg bug that is fixed in later
versions. I couldn't find any bug reports relevant to this.)

Steps to Reproduce:
1.

$ LANG=en gpg --verify-files *-CHECKSUM
gpg: Signature made Fri Jul  7 17:13:31 2017 CEST using RSA key ID 64DAB85D
gpg: Good signature from "Fedora 26 Primary (26)
<fedora-26-primary@xxxxxxxxxxxxxxxxx>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA B85D
$

2.
Compare fingerprint to Fedora 26 primary fingerprint on website at
    https://getfedora.org/en/keys/


Actual results:
E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA B85D
                         ^
                    Extra space here

Expected results:
E641 850B 77DF 4353 78D1 D7E2 812A 6B4B 64DA B85D

Additional info:
I believe that the spaces are just for readability, and that they are not
included in the actual fingerprints. Still, with keys being as important as
they are, any confusion regarding their validity should be removed."
``

To reply, visit the link below or just reply to this email
https://pagure.io/fedora-websites/issue/707
_______________________________________________
websites mailing list -- websites@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to websites-leave@xxxxxxxxxxxxxxxxxxxxxxx
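
The report turns on whether the grouping spaces are part of the fingerprint. Comparing fingerprints after stripping whitespace, or reading the machine-readable `fpr` record from `gpg --with-colons --fingerprint`, removes that ambiguity. The shell functions below are an added example, not part of the original report or of Fedora's tooling; the function names are hypothetical, and the colon-format sample line is constructed from the fingerprint quoted in the report.

```shell
#!/bin/sh
# Added example: compare OpenPGP fingerprints independent of display spacing.

# Both strings are copied from the report above.
GPG_OUT='E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA B85D'   # as printed by gpg
WEBSITE='E641 850B 77DF 4353 78D1 D7E2 812A 6B4B 64DA B85D'    # as expected by the reporter

# Constructed sample of one `gpg --with-colons --fingerprint` record.
# In that format the fingerprint is field 10 of an "fpr" line, with no spaces.
COLONS='fpr:::::::::E641850B77DF435378D1D7E2812A6B4B64DAB85D:'

# normalize_fpr: strip all whitespace, uppercase the hex digits, and require
# exactly 40 hex digits (the length of the fingerprint shown in the report).
# Prints the normalized value; returns 1 on malformed input.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F')
    case "$fpr" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# same_fpr: 0 if both fingerprints are well formed and identical,
# 1 if they differ, 2 if either one is malformed.
same_fpr() {
    a=$(normalize_fpr "$1") || return 2
    b=$(normalize_fpr "$2") || return 2
    [ "$a" = "$b" ]
}

# primary_fpr_from_colons: read colon-format output on stdin and print the
# fingerprint of the first "fpr" record (the primary key comes first).
primary_fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Stand-alone demonstration on the values from the report.
if same_fpr "$GPG_OUT" "$WEBSITE"; then
    echo "fingerprints match: $(normalize_fpr "$GPG_OUT")"
else
    echo "fingerprints differ or are malformed" >&2
fi
```

Against a real keyring, the input to `primary_fpr_from_colons` would come from `gpg --with-colons --fingerprint` for the key in question instead of the constructed `COLONS` line.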



