[packman] PGP-Key 6946124b

Andreas Osterburg alanos at freenet.de
Thu Feb 11 08:33:18 CET 2016


Hello Marc,

packman still serves lots of such packages e.g.

http://packman.inode.at/suse/openSUSE_Leap_42.1/Essentials/x86_64/typelib-1_0-GstRtsp-1_0-1.6.3-59.1.x86_64.rpm

~> rpm -v --checksig typelib-1_0-GstRtsp-1_0-1.6.3-59.1.x86_64.rpm

typelib-1_0-GstRtsp-1_0-1.6.3-59.1.x86_64.rpm:
     Header V3 RSA/SHA1 Signature, key ID *6946124b*: *NOKEY*
     Header SHA1 digest: OK (c4cb3cde46b53fd25617a14febda2bdc51931411)
     V3 RSA/SHA1 Signature, key ID *6946124b*: *NOKEY*
     MD5 digest: OK (f6a5d4d87926fd63ebb1a5c7f090b3b9)

I guess, it's an error.

On repo level these packages are correctly signed with packmans offical key.
So there must be a problem when creating the packages.

Marc Schiffbauer schrieb am 10.02.16 um 22:48 Uhr
> * Andreas Osterburg schrieb am 09.02.16 um 15:18 Uhr:
>> Hello,
>>
>> I recognized that some of the newer packages are PGP-signed with key 6946124b.
>> An example is "typelib-1_0-GstRtsp-1_0-1.6.3-59.1" (openSUSE leap 42.1).
>> Elder VLC packages were signed with it, too.
>> Unfortunately I cannot find the public key anywhere. Please, can you provide it.
>
> Where did you download that package? This must be an error somewhere or
> you got a malware package...
>
>
> --
> 0x35A64134 - 8AAC 5F46 83B4 DB70 8317
>              3723 296C 6CCA 35A6 4134





More information about the Packman mailing list