On 08/24/10 09:57, Ian Lance Taylor wrote:
Larry Evans<cppljevans@xxxxxxxxxxxxxx> writes:
I've downloaded:
ftp://ftp.gnu.org/gnu/gcc/gcc-4.5.1/gcc-4.5.1.tar.bz2
ftp://ftp.gnu.org/gnu/gcc/gcc-4.5.1/gcc-4.5.1.tar.bz2.sig
then *tried* to follow instructions here:
http://www.gnupg.org/documentation/faqs.en.html#q4.19
to check the downloaded bz2 with the bz2.sig file; however,
I there's no mention on:
http://www.gnu.org/prep/ftp.html
of where to find the:
vendor, organisation, or issueing person's key
mentioned in faqs.en.html#q4.19.
So, where's gnu's (or whowever create the .sig file)'s
key?
I believe it is here:
http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gcc
although I haven't actually checked that that key works.
Ian
Thanks; however, i did as instructed on:
http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gcc
i.e. I downloaded the gcc-keyring.gpg to my */gcc directory, then did
evansl@evansl-desktop:~/download/gcc$ gpg --import gcc-keyring.gpg
gpg: key 497A176D: public key "Loic Dachary (OuoU) <loic@xxxxxxxxx>"
imported
gpg: key C0651875: public key "Marie-Christine Aubin (Dachary)
<mcd@xxxxxxxxxxx>" imported
gpg: Total number processed: 2
gpg: imported: 2
gpg: no ultimately trusted keys found
evansl@evansl-desktop:~/download/gcc$ cd 4.5.1-release/
evansl@evansl-desktop:~/download/gcc/4.5.1-release$ gpg --verify
gcc-4.5.1.tar.bz2.sig
gpg: Signature made Sat Jul 31 06:15:12 2010 CDT using RSA key ID FC26A641
gpg: Can't check signature: public key not found
evansl@evansl-desktop:~/download/gcc/4.5.1-release$
I've never used gpg before; however, I'm pretty sure this
means it couldn't verify the file :(
Anyone else have a clue?
TIA.
-Larry
