[Catalog-sig] How to verify cheeseshop signatures?

Phillip J. Eby pje at telecommunity.com
Sun Oct 23 07:08:10 CEST 2005

Does anybody know how to verify cheeseshop signatures?  I was just trying:

    gpg --verify roundup-0.9.0b1.tar.gz.asc roundup-0.9.0b1.tar.gz

which results in:

gpg: Signature made Fri Oct  7 01:39:29 2005 EDT using DSA key ID 41C6E930
gpg: Can't check signature: public key not found

This seems to imply that to check a signature, you have to have the 
author's public key, and there's no way offered to get it via the cheese shop.

Or is it looking for *my* public key for some reason?  Or am I just 
confused about how this thing is supposed to work?

More information about the Catalog-sig mailing list