[gobolinux-users] The package for hungarian OpenOffice2.0.4

Andy Feldman nereusren at gmail.com
Mon Nov 13 19:47:51 UTC 2006


On 11/13/06, Jonas Karlsson <jonka750 at student.liu.se> wrote:
> 2006/11/13, Andy Feldman <nereusren at gmail.com>:
> > For example, when I download your GnuPG package, it errors
> > out with "Invalid signature," with no option to install it anyway.
>
> [...] What does InstallPackage say
> more than 'nvalid signature'? Does it say anything more, like that
> some files are missing or aren't signed?

InstallPackage: Installing GnuPG, version 1.4.5.
InstallPackage: Uncompressing to /Programs...
InstallPackage: Invalid signature.  Package has been modified
InstallPackage: Suspect package in /Programs/GnuPG/1.4.5
InstallPackage: Removing downloaded package
/System/Variable/tmp/GnuPG--1.4.5--i686.tar.bz2.

This is with Scripts 2.5.1 and GnuPG 1.4.1, on 012.

> I thought that one
> could install contributed packages and get that the signature was ok.

I tried to submit a signed package a while ago... I know things have
changed quite a bit since then with the signing framework, but at the
time Lucas suggested to me to leave it unsigned if I didn't have a
practical way of giving people my key.

Incidentally, do you have your public key posted somewhere? That way I
would be able to use your packages, at least :). I'm not very
experienced with the public key framework, but I'd be interested in
learning about it and trying to make it work easily with packages in
general... A robust user-trust framework for binary packages is a
great goal, since it would helps us get even farther away from relying
on a single "central repository."

-Andy


More information about the gobolinux-users mailing list