On Wed, Jun 11, 2008 at 2:44 PM, mpb <[EMAIL PROTECTED]> wrote: >>> InstallPackage: Installing Compile, version 1.11.0. >>> InstallPackage: Uncompressing to /home/gobo/Programs... >>> InstallPackage: Invalid signature. FileHash could not be verified. >>> InstallPackage: Suspect package in /home/gobo/Programs/Compile/1.11.0 >>> InstallPackage: Removing downloaded package >>> /tmp/Compile--1.11.0--i686.tar.bz2. > > On Tue, Jun 10, 2008 at 3:51 PM, Michael Homer <[EMAIL PROTECTED]> wrote: >> the problem is >> really that the signature format has changed and old tools are unable >> to verify it. If you care about the chain of trust, you need to >> upgrade release-by-release. Each release is signed by the previous >> one, so you will always be able to verify them that way. > > Hi, > > My point is it would be nice (IMO) if the InstallPackage error > messages could precisely explain the problem (for example: "Invalid > signature - you appear to be using an old version of > Compile/Scripts.)" and any appropriate solution(s), whatever it/they > may be.
The newer versions should do that; I updated the hashfile format so that versioning info is included, so it fails properly when it finds a new version it can't handle. Old versions of course as not that smart, but those should fade away over time. -- Hisham _______________________________________________ gobolinux-devel mailing list gobolinux-devel@lists.gobolinux.org http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
