torsdagen den 12 juni 2003 18.26 skrev Per �yvind Karlsen: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thursday 12 June 2003 18:19, Brook Humphrey wrote: > > On Thursday 12 June 2003 02:50, Oden Eriksson wrote: > > > torsdagen den 12 juni 2003 11.26 skrev Per �yvind Karlsen: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Hash: SHA1 > > > > > > > > On Thursday 12 June 2003 11:15, Oden Eriksson wrote: > > > > > E: php-mhash unknown-key GPG#604AA4E4 > > > > > > > > why are you actually signing these packages yourself? > > > > > > Huh? That's what I've been told to do maybe 1,5 year ago..., has this > > > policy changed? If so no one has told me about it. > > > > Nope I have to sign all the srpm's I send to contribs also. > > when uploading them yourself(not upping them to ftp.linux-mandrake.com) you > should'nt sign them, as you see, noone else does this, and when people are > installing your packages they'll get warnings about it because the package > has both your signature and the mandrakesoft, while they have only the > mandrakesoft signatures.. > I used to sign them myself, but Lenny told me not to, and I guess you > should'nt neither, unless there's any special reason for this..? > > I'm not gonna say I'm *sure* about this, but packages are automatically > signed, and rpmlint also nags about this..
rpm --sign rpm: --sign may only be used during package building AFAIK you cannot resign a package if it's not signed in the first place. ? -- Regards // Oden Eriksson, Deserve-IT.com
