Hi Pedro, *, On Thu, Sep 19, 2013 at 5:53 PM, Pedro <pedl...@gmail.com> wrote: > Christian Lohmaier-2 wrote >> You need to import the key into your keyring, so that the tool can >> actually verify it. > > I imported the key and, although the message is not clear, I guess this will > have to do... > > From the working installer > > <http://nabble.documentfoundation.org/file/n4074811/GPGcheckok.png>
The messages from that program are weired. What it should say is: "The signature is valid, but I cannot tell whether the key that was used really is the one from »LibreOffice Build Team (CODE SIGNING KEY) <bu...@documentfoundation.org>«" (as you'd have to tell the program, "Yes, the key belongs to TDF, I trust that key") So what you got is a valid, but untrusted (by your personal settings/web-of-trust) signature. > from the corrupted installer > > <http://nabble.documentfoundation.org/file/n4074811/GPGcheck_corrupted.png> > > I was expecting a clear "The file is corrupted/invalid"... At least that message is now a clear error, although it should not say "unknown certificate". It *knows* the certificate now, that is the precondition for it to be able to tell that the signature is bad. It should say: "BAD Signature. The signature doesn't match the key from build@libreoffice ..." ciao Christian _______________________________________________ List Name: Libreoffice-qa mailing list Mail address: Libreoffice-qa@lists.freedesktop.org Change settings: http://lists.freedesktop.org/mailman/listinfo/libreoffice-qa Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://lists.freedesktop.org/archives/libreoffice-qa/
