[Catalog-sig] How to verify cheeseshop signatures?

Jp Calderone exarkun at divmod.com
Sun Oct 23 08:55:56 CEST 2005


On Sun, 23 Oct 2005 01:08:10 -0400, "Phillip J. Eby" <pje at telecommunity.com> wrote:
>Does anybody know how to verify cheeseshop signatures?  I was just trying:
>
>    gpg --verify roundup-0.9.0b1.tar.gz.asc roundup-0.9.0b1.tar.gz
>
>which results in:
>
>gpg: Signature made Fri Oct  7 01:39:29 2005 EDT using DSA key ID 41C6E930
>gpg: Can't check signature: public key not found
>
>This seems to imply that to check a signature, you have to have the
>author's public key, and there's no way offered to get it via the cheese shop.
>
>Or is it looking for *my* public key for some reason?  Or am I just
>confused about how this thing is supposed to work?
>

The required key is indicated in the message.  You just need to retrieve it:

gpg --import 41C6E930

Re-running --verify should now work.

Jp


More information about the Catalog-sig mailing list