D. Hugh Redelmeier <hugh <at> mimosa.com> writes: > The verify page says that key DE7F38BD is the Fedora 18 key. But my imports included > gpg: key 22B3B81A: "Fedora (18) <fedora <at> fedoraproject.org>" not changed > gpg: key 34E166FA: "Fedora Secondary Arch (18) <fedora <at> fedoraproject.org>" not changed > > ===> Which is the real Fedora 18 key? Why isn't this documented better? I vaguely remember having this issue early in F18 development. I believe the verify page initially had the 22B3B81A key but for some reason it had to be changed. The DE7F38BD key is the current one. There's a bug https://bugzilla.redhat.com/show_bug.cgi?id=861836 which has never been acted on. > When I do the specified checksum command, I get scary warnings: > > $ sha256sum -c *-CHECKSUM > Fedora-18-Beta-x86_64-DVD.iso: OK > sha256sum: Fedora-18-Beta-x86_64-netinst.iso: No such file or directory > Fedora-18-Beta-x86_64-netinst.iso: FAILED open or read > sha256sum: WARNING: 20 lines are improperly formatted > sha256sum: WARNING: 1 listed file could not be read > > The warning about improperly formatted lines is clearly because fo the > GPG stuff. > > ===> Should we not have a version of sha256 that knows how to deal > with the gpg signature? The FAILED messages for missing files have always been there. The warning about improperly formatted lines is recent. I filed https://bugzilla.redhat.com/show_bug.cgi?id=733561 against this bug it was closed as NOTABUG due to concerns that blocking that warning could cause security issues. -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
