On Sun, 23 Oct 2005 01:08:10 -0400, "Phillip J. Eby" <[EMAIL PROTECTED]> wrote: >Does anybody know how to verify cheeseshop signatures? I was just trying: > > gpg --verify roundup-0.9.0b1.tar.gz.asc roundup-0.9.0b1.tar.gz > >which results in: > >gpg: Signature made Fri Oct 7 01:39:29 2005 EDT using DSA key ID 41C6E930 >gpg: Can't check signature: public key not found > >This seems to imply that to check a signature, you have to have the >author's public key, and there's no way offered to get it via the cheese shop. > >Or is it looking for *my* public key for some reason? Or am I just >confused about how this thing is supposed to work? >
The required key is indicated in the message. You just need to retrieve it: gpg --import 41C6E930 Re-running --verify should now work. Jp _______________________________________________ Catalog-sig mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
