[Catalog-sig] How to verify cheeseshop signatures?
Phillip J. Eby
pje at telecommunity.com
Sun Oct 23 07:08:10 CEST 2005
Does anybody know how to verify cheeseshop signatures? I was just trying:
gpg --verify roundup-0.9.0b1.tar.gz.asc roundup-0.9.0b1.tar.gz
which results in:
gpg: Signature made Fri Oct 7 01:39:29 2005 EDT using DSA key ID 41C6E930
gpg: Can't check signature: public key not found
This seems to imply that to check a signature, you have to have the
author's public key, and there's no way offered to get it via the cheese shop.
Or is it looking for *my* public key for some reason? Or am I just
confused about how this thing is supposed to work?
More information about the Catalog-sig