[packman] PGP-Key 6946124b
Andreas Osterburg
alanos at freenet.de
Thu Feb 11 08:33:18 CET 2016
Hello Marc,
packman still serves lots of such packages e.g.
http://packman.inode.at/suse/openSUSE_Leap_42.1/Essentials/x86_64/typelib-1_0-GstRtsp-1_0-1.6.3-59.1.x86_64.rpm
~> rpm -v --checksig typelib-1_0-GstRtsp-1_0-1.6.3-59.1.x86_64.rpm
typelib-1_0-GstRtsp-1_0-1.6.3-59.1.x86_64.rpm:
Header V3 RSA/SHA1 Signature, key ID *6946124b*: *NOKEY*
Header SHA1 digest: OK (c4cb3cde46b53fd25617a14febda2bdc51931411)
V3 RSA/SHA1 Signature, key ID *6946124b*: *NOKEY*
MD5 digest: OK (f6a5d4d87926fd63ebb1a5c7f090b3b9)
I guess, it's an error.
On repo level these packages are correctly signed with packmans offical key.
So there must be a problem when creating the packages.
Marc Schiffbauer schrieb am 10.02.16 um 22:48 Uhr
> * Andreas Osterburg schrieb am 09.02.16 um 15:18 Uhr:
>> Hello,
>>
>> I recognized that some of the newer packages are PGP-signed with key 6946124b.
>> An example is "typelib-1_0-GstRtsp-1_0-1.6.3-59.1" (openSUSE leap 42.1).
>> Elder VLC packages were signed with it, too.
>> Unfortunately I cannot find the public key anywhere. Please, can you provide it.
>
> Where did you download that package? This must be an error somewhere or
> you got a malware package...
>
>
> --
> 0x35A64134 - 8AAC 5F46 83B4 DB70 8317
> 3723 296C 6CCA 35A6 4134
More information about the Packman
mailing list