> Is there some way that public key can be obtained?
Hi Brett. Normally the key would be available through MIT's public key
server, but I just checked and it appears to be off-line. Or at least I
cannot find any keys through their web portal. This may be why gpg is
not finding the signing key.
I have uploaded the public verification key to the Svannah SysV download
folder. The file (sysvinit-verification-key.pub) is in the same
directory now as the signature file and tarball. Normally it's not ideal
to verify a key from the same location as where you got the signature,
but since the public key server seems to be down this is our next best
As an extra layer of defence I'll add that the tarball for sysvinit-2.89
should have an MD5 checksum of 6a2e0776a9a3e29264ddec738ef0031c
Hopefully those two bits of information, combined, will verify that the
file is legitimate.