[Catalog-sig] How to verify cheeseshop signatures?
exarkun at divmod.com
Sun Oct 23 08:55:56 CEST 2005
On Sun, 23 Oct 2005 01:08:10 -0400, "Phillip J. Eby" <pje at telecommunity.com> wrote:
>Does anybody know how to verify cheeseshop signatures? I was just trying:
> gpg --verify roundup-0.9.0b1.tar.gz.asc roundup-0.9.0b1.tar.gz
>which results in:
>gpg: Signature made Fri Oct 7 01:39:29 2005 EDT using DSA key ID 41C6E930
>gpg: Can't check signature: public key not found
>This seems to imply that to check a signature, you have to have the
>author's public key, and there's no way offered to get it via the cheese shop.
>Or is it looking for *my* public key for some reason? Or am I just
>confused about how this thing is supposed to work?
The required key is indicated in the message. You just need to retrieve it:
gpg --import 41C6E930
Re-running --verify should now work.
More information about the Catalog-sig