On Mon, Sep 19, 2016 at 10:01 AM, Milan Zamazal <mzama...@redhat.com> wrote:

> Hi, on Vdsm packages downloaded from
> http://resources.ovirt.org/pub/ovirt-4.0/src/vdsm/ :
>
> % gpg --verify vdsm-4.18.13.tar.gz.sig
> gpg: assuming signed data in 'vdsm-4.18.13.tar.gz'
> gpg: Signature made Wed 14 Sep 2016 04:38:26 PM CEST using RSA key ID
> FE590CB7
> gpg: Good signature from "oVirt <infra@ovirt.org>" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: 31A5 D783 7FAD 7CB2 86CD  3469 AB8C 4F9D FE59 0CB7
>
> % gpg --list-keys infra@ovirt.org
> pub   2048R/FE590CB7 2014-03-30 [expired: 2016-04-02]
> uid       [ expired] oVirt <infra@ovirt.org>
>
> Either I download fake packages signed with a cracked expired key, or
> you sign the packages with an expired key.  Not good in any case.
>


Please run gpg --refresh-keys
Thanks,




> _______________________________________________
> Infra mailing list
> Infra@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/infra
>



-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
<https://www.redhat.com/it/about/events/red-hat-open-source-day-2016>
_______________________________________________
Infra mailing list
Infra@ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra

Reply via email to