Hello On the Verify your ISO Download page (https://fedoraproject.org/en/verify) you have a link to Fedora's GPG keys (curl https://fedoraproject.org/static/fedora.gpg | gpg --import). I have run this curl statement today and this is the output:
curl https://fedoraproject.org/static/fedora.gpg | gpg --import % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 5363 100 5363 0 0 6195 0 --:--:-- --:--:-- --:--:-- 6192 gpg: key 4B94091B: public key "Fedora Secondary (19) <[email protected]>" imported gpg: key 246110C1: public key "Fedora (20) <[email protected]>" imported gpg: Total number processed: 2 gpg: imported: 2 (RSA: 2) Running gpg --list-keys then gives: /xx/.gnupg/pubring.gpg ------------------------ pub 4096R/4B94091B 2013-06-19 uid Fedora Secondary (19) <[email protected]> sub 4096g/793BFD4D 2013-06-19 pub 4096R/246110C1 2013-05-16 uid Fedora (20) <[email protected]> Please correct me if I'm wrong, but I had assumed that the .gpg file at fedoraproject.org/static should load more than two signatures. Also, the Fedora Secondary (19) signature looks incorrect. Am I missing something obvious here, or is there an issue with this link. Thanks Richard Mauger -- websites mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/websites
