Colin Paul Adams wrote: > OK. But I found this at http://fedoraproject.org/en/verify : > > > curl https://fedoraproject.org/static/fedora.gpg | gpg --import > > I get: > > % Total % Received % Xferd Average Speed Time Time Time > Current Dload Upload Total Spent Left Speed 100 6638 100 6638 > 0 0 2911 0 0:00:02 0:00:02 --:--:-- 5630 gpg: key 4F2A6FD2: > public key "Fedora Project <fedora redhat com>" imported gpg: key 30C9ECF8: > public key "Fedora Project (Test Software) <rawhide redhat com>" imported > gpg: key 4EBFC273: public key "Fedora (10) <fedora fedoraproject org>" > imported gpg: key 0B86274E: public key "Fedora (10 testing) > <fedora fedoraproject org>" imported gpg: Total number processed: 4 > gpg: imported: 4 > > > Now, to verify that the SHA1SUM file is valid, make sure that it has a > > good signature from the key ID 4EBFC273. > > > >$ gpg --verify SHA1SUM > > and if I do that I get: > > gpg: Signature made Thu 20 Nov 2008 17:35:25 GMT using DSA key ID 4EBFC273 > gpg: Can't check signature: public key not found Did you perchance run the first command as one user and the second as another user? Each user account has its own keyring. Use "gpg --list-keys 4EBFC273" to verify that the key is there. Björn Persson
Description: This is a digitally signed message part.