Hello Marc,
packman still serves lots of such packages e.g.
http://packman.inode.at/suse/openSUSE_Leap_42.1/Essentials/x86_64/typelib-1_0-GstRtsp-1_0-1.6.3-59.1.x86_64.rpm
~> rpm -v --checksig typelib-1_0-GstRtsp-1_0-1.6.3-59.1.x86_64.rpm
typelib-1_0-GstRtsp-1_0-1.6.3-59.1.x86_64.rpm:
Header V3 RSA/SHA1 Signature, key ID *6946124b*: *NOKEY*
Header SHA1 digest: OK (c4cb3cde46b53fd25617a14febda2bdc51931411)
V3 RSA/SHA1 Signature, key ID *6946124b*: *NOKEY*
MD5 digest: OK (f6a5d4d87926fd63ebb1a5c7f090b3b9)
I guess, it's an error.
On repo level these packages are correctly signed with packmans offical key.
So there must be a problem when creating the packages.
Marc Schiffbauer schrieb am 10.02.16 um 22:48 Uhr
* Andreas Osterburg schrieb am 09.02.16 um 15:18 Uhr:
Hello,
I recognized that some of the newer packages are PGP-signed with key 6946124b.
An example is "typelib-1_0-GstRtsp-1_0-1.6.3-59.1" (openSUSE leap 42.1).
Elder VLC packages were signed with it, too.
Unfortunately I cannot find the public key anywhere. Please, can you provide it.
Where did you download that package? This must be an error somewhere or
you got a malware package...
--
0x35A64134 - 8AAC 5F46 83B4 DB70 8317
3723 296C 6CCA 35A6 4134
_______________________________________________
Packman mailing list
[email protected]
http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
