https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6151
Summary: Sign the distro rules with the right signing key
Product: Spamassassin
Version: 3.3.0
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P1
Component: Building & Packaging
AssignedTo: [email protected]
ReportedBy: [email protected]
Make sure to sign the rules with the right signing key,
and the sa-update failure message should point to
a corresponding URL where this key could be found.
>http://people.apache.org/~jm/devel/
> Mail-SpamAssassin-rules-3.3.0.tgz
> Mail-SpamAssassin-rules-3.3.0.tgz.asc
> Mail-SpamAssassin-rules-3.3.0.tgz.md5
> Mail-SpamAssassin-rules-3.3.0.tgz.sha1
>> That can be installed using "sa-update --install /tmp/709395.tar.gz".
>> Does that work?
Mark:
> Btw, seems like the gpg key used to sign it (265FA05B) is not
> the one the sa-update prints the URL for:
>
> error: GPG validation failed!
> The update downloaded successfully, but it was not signed with a trusted GPG
> key. Instead, it was signed with the following keys:
> 265FA05B
> Perhaps you need to import the channel's GPG key? For example:
> wget http://spamassassin.apache.org/updates/GPG.KEY
> sa-update --import GPG.KEY
Justin:
> That's true -- it's just an example. in this case it's a different key used.
> However in this case we _should_ be using the main rules-signing key,
> not the distro-signing key, so that sa-update doesn't need special
> flags. my mistake. could you open a bug?
--
Configure bugmail:
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
