Freedora repo

Alexandre Oliva lxoliva at
Sun Jan 4 17:14:31 UTC 2009

On Jan  2, 2009, Ufa <ufa at> wrote:

> I have just installed a linux-libre repo in my Fedora 10 installation, but I
> cannot verify it with the gpg keys in
> linux-libre/download/SIGNING-KEY , so I bypassed the gpg check, it it is not
> secure enough to use like this.

I can see why you wouldn't want that.

Oddly, this arrangement works for me.  Note that there are two GPG keys
in SIGNING-KEY.  One is my personal key, used in the earliest
Linux-libre packages I created.  The other is a key I created
specifically for Linux-libre packages.

Could you please check that, with whatever procedure you used to get the
keys into your RPM databases, you got both of them installed?

$ rpm -q gpg-pubkey-f2b920f5 gpg-pubkey-7e7d47a7

If whatever procedure you used to get them installed didn't get them
both in, would you please let me know what it was?  I've just realized
that 'rpm --import' won't import both keys in the file, but nevertheless
it imported the current key, so this should have worked.

Anyhow...  I'll split the old key out of SIGNING-KEY, which should
address the problem.

Thanks for your report,

Alexandre Oliva 
You must be the change you wish to see in the world. -- Gandhi
Be Free! --   FSF Latin America board member
Free Software Evangelist      Red Hat Brazil Compiler Engineer

More information about the linux-libre mailing list