On 14 Nov 2002, Gerald Timothy Quimpo wrote: > hello all, > > I'm trying to verify the signature of rsync-2.5.5.tar.gz. > when i do: > > gpg --verify rsync-2.5.5.tar.gz.sig > > gpg tells me that i have no corresponding public key. > > [tiger ] gpg --verify rsync-2.5.5.tar.gz.sig > gpg: Signature made Mon 01 Apr 2002 08:53:08 PM EST using DSA key ID > A0B3E88B > gpg: Can't check signature: public key not found > > > that's fine, i know i don't have it since i just zapped my > keyring (including private keys) and am starting over fresh. > > on the other hand, i can't seem to get the public key from > any keyservers either. has anyone done this? is the rsync > public key on some keyserver somewhere? i'm using mandrake 9, > so the default keyserver is mandrake's keyserver. all the > main keyservers are connected, right? are there subnetworks > of keyservers i should try? there's a hierarchy of trust > for keyservers too, and i'm trying to keep my list of trusted > keyservers small.
Im not sure if the owner uploads the public key to the keyservers. yes, keyservers are updating each other and thats what gpg.net says :) hehehe. im searching public keys at pgpkeys.mit.edu && keyserver.net, if you have nice one maybe you can share with us. > > and while i'm on the subject. i'd be glad if some of the > well known members of the list (ian? rickmoen? maybe the > officers, and some well known non-officers) would be willing > to share their public keyrings with me. i'm not, of course, > going to automatically trust keyring attachments sent via > email or posted on the web. but after some other offline > communication (voice phone, snail mail, meeting, etc) i > will incrementally bump up trust of the individual keys > so that eventually i'll have a good working set. agree with this. hope they can share their public keyrings with us, hehe. > > does anyone have any comments on this procedure? is it a > prudent one (assuming, of course, that the offline > verification of keys and signatures is valid)? > > hmmm, this could be a useful survey too. how much do the > geeks on PLUG actually use gpg and gpg signatures for > verifying packages. > > hehe, so i zapped my old keyring because it had been so long > since i used it that i'd forgotten the passphrase :). for > something like this, i guess i need to write the passphrase > down and put it in a safe deposit box or something :). > > tiger > > -- > Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph > > Veritas liberabit vos. > ... region del sol querida, Perla del Mar de Oriente, > nuestro perdido Eden! ... > > _ > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] > > Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to >[EMAIL PROTECTED] > _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
