[Libreoffice-qa] [ANN] LibreOffice 4.1.2 RC2 test builds available

Christian Lohmaier lohmaier+libreoffice at googlemail.com
Thu Sep 19 08:00:33 PDT 2013


Hi Pedro, *,

On Thu, Sep 19, 2013 at 3:50 PM, Pedro <pedlino at gmail.com> wrote:
> Christian Lohmaier-2 wrote
>> My guess is that you misinterpreted whatever message gpg did print
>> when verifying. (Like reporting the meaning - "Sorry, the file is a
>> signature with the key AFEEAEA3, but I don't know the public key, so I
>> cannot check whether the signature is correct")
> [...]
> <http://nabble.documentfoundation.org/file/n4074791/GPGcheck.png>
>
> Maybe GPG4Win is not the right tool?

It is just as I suspected. It tells you: This is a signature with key
AFEEAEA3 (that is the last characters of the full ID for convenience),
but I cannot verify it, because I don't know the public part of the
key.
It is not saying: The signature is invalid, and it is not saying: the
signature is valid. It say: "cannot tell".

(well, actually the dialog reads "Signature is invalid" because the
public part is not available, but that is just to alert you of the
problem, to especially avoid the situation of you thinking "GPG
verification reported no errors" :-))

You need to import the key into your keyring, so that the tool can
actually verify it.

Not sure where in that tool you would do that, but on the commandline
you could use

gpg --keyserver hkp://keys.gnupg.net --recv-keys AFEEAEA3

to receive the key. Other keyservers can be used as well - the
keyservers exchange the keys with each other.

If it asks you to verify the key's fingerprint, it is:

C283 9ECA D940 8FBE 9531  C3E9 F434 A1EF AFEE AEA3

ciao
Christian


More information about the Libreoffice-qa mailing list