On Wed Mar 26, 2003 at 06:44:26AM -0800, Tru64 User wrote: > Problems with MandrakeUpdate, all updates claim > "signature is not correct, should i install anyway?" > > eg. The signature of the package > `timezone-2.2.5-16mdk.i586.rpm' is not correct: > gpg: signature made Fri 21 Mar 2003 09:07:25 PM EST > using DSAkey ID 22458A98 > gpg: Can't check signature: publiv key not found > > > How can I fix this problem? Is it safe to continue? > > Getting updates from:: > retrieving source hdlist (or synthesis) of > "update_source"... > --08:45:17-- > ftp://mirrors.secsup.org/pub/linux/mandrake/Mandrake/updates/9.0/base/hdlist.cz > => `/var/cache/urpmi/partial/.listing' > Resolving mirrors.secsup.org... done. > Connecting to mirrors.secsup.org[208.209.50.18]:21... > connected. > Logging in as anonymous ... Logged in!
You have to have the security team key... it should be installed in root's keyring, so I'm not sure why you're seeing this. Is it possible that you're using sudo to call urpmi? For some reason, when you use sudo, it checks the user's keyring, and not root's. If you su to root and do "gpg --list-keys" you should see a key for the Mandrake Security Team; if you don't, then you need to install it (you can do it by using the www.mandrakesecure.net keyserver). -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
