Hi all, I encountered some problems with the KEYS at http://www.apache.org/dist/httpd/KEYS and http://www.apache.org/dist/apr/KEYS with the "rpm --checksig" or "rpm -K" command on some of the rpms such as http://www.apache.org/dist/httpd/binaries/rpm/SRPMS/httpd-2.0.58-1.src.rpm, http://www.apache.org/dist/apr/binaries/rpm/SRPMS/apr-0.9.12-1.src.rpm, http://www.apache.org/dist/apr/binaries/rpm/i386/apr-1.2.7-1.i386.rpm Without importing any public key, I get "NOKEY": # rpm -K -v httpd-2.0.58-1.src.rpm httpd-2.0.58-1.src.rpm: Header V3 DSA signature: NOKEY, key ID 751d7f27 Header SHA1 digest: OK (18af314df2009ad54b2b638ea379f306e1a0bf95) MD5 digest: OK (20168dc0056ecdccc824a5bdef1c9216) V3 DSA signature: NOKEY, key ID 751d7f27 Using http://www.apache.org/dist/apr/KEYS, I extracted lines 513 to 712 of the file into another file "KEYS.2": # head -712 KEYS|tail -200 > KEYS.3 # rpm --import KEYS.2 # rpm -qa|grep gpg ... gpg-pubkey-751d7f27-3ddd0dfa ... and I get "BAD": # rpm -K -v httpd-2.0.58-1.src.rpm httpd-2.0.58-1.src.rpm: Header V3 DSA signature: BAD, key ID 751d7f27 Header SHA1 digest: OK (18af314df2009ad54b2b638ea379f306e1a0bf95) MD5 digest: OK (20168dc0056ecdccc824a5bdef1c9216) V3 DSA signature: BAD, key ID 751d7f27 If I use the key from http://pgp.mit.edu:11371/pks/lookup?search=0x751D7F27&op=index (e.g. http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x751D7F27), I get f88341d9 as the key ID. Apparently, f88341d9 should belong to Lars Eilebrecht. # rpm --import KEYS.3 # rpm -qa|grep gpg ... gpg-pubkey-f88341d9-3ddd3c97 ... gpg-pubkey-751d7f27-3ddd0dfa Regards, KL --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx