[SNIP]
If I manually verify ftp://ftp.debian.org/debian/dists/stable/Release & Release.gpg I get the following:
blueboy:~# gpg --verify ./Release.gpg ./Release
gpg: Signature made Thu Nov 20 19:57:33 2003 CET using DSA key ID 38C6029A
gpg: Good signature from "Debian Archive Automatic Signing Key (2003) <[EMAIL PROTECTED]>"
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
gpg: Fingerprint: EB2F A2AF 170D 2359 26A7 7BF3 B629 A24C 38C6 029A
gpg: Signature made Wed Dec 31 17:26:06 2003 CET using DSA key ID 30B34DD5
gpg: Can't check signature: public key not found
blueboy:~#
blueboy:~#
Reimporting the 'latest' (????) key I notice that the key IDs are different
blueboy:~# gpg --import ./ziyi_key_2003.asc gpg: key 38C6029A: public key imported gpg: Total number processed: 1 gpg: imported: 1 blueboy:~#
So I guess I don't have an up to date ziyi public key.
Can anyone confirm this for me... and if I am correct, when can I find the key with ID 30B34DD5?
Can anyone confirm this? Does anyone actually used apt-check-sigs at all, or do you simply 'dist-upgrade' without it?
Perhaps a more useful question in my case would be is anyone using apt-check-sigs successfully with ftp://ftp.debian.org/ dists/stable in their sources.list ?
If so, what keys are you using?
Kind regards,
Adam Barton.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
