[Libreoffice-qa] [ANN] LibreOffice 4.1.2 RC2 test builds available
Christian Lohmaier
lohmaier+libreoffice at googlemail.com
Thu Sep 19 09:09:39 PDT 2013
Hi Pedro, *,
On Thu, Sep 19, 2013 at 5:53 PM, Pedro <pedlino at gmail.com> wrote:
> Christian Lohmaier-2 wrote
>> You need to import the key into your keyring, so that the tool can
>> actually verify it.
>
> I imported the key and, although the message is not clear, I guess this will
> have to do...
>
> From the working installer
>
> <http://nabble.documentfoundation.org/file/n4074811/GPGcheckok.png>
The messages from that program are weired. What it should say is:
"The signature is valid, but I cannot tell whether the key that was
used really is the one from »LibreOffice Build Team (CODE SIGNING
KEY) <build at documentfoundation.org>«"
(as you'd have to tell the program, "Yes, the key belongs to TDF, I
trust that key")
So what you got is a valid, but untrusted (by your personal
settings/web-of-trust) signature.
> from the corrupted installer
>
> <http://nabble.documentfoundation.org/file/n4074811/GPGcheck_corrupted.png>
>
> I was expecting a clear "The file is corrupted/invalid"...
At least that message is now a clear error, although it should not say
"unknown certificate". It *knows* the certificate now, that is the
precondition for it to be able to tell that the signature is bad.
It should say: "BAD Signature. The signature doesn't match the key
from build at libreoffice ..."
ciao
Christian
More information about the Libreoffice-qa
mailing list