[gobolinux-users] The package for hungarian OpenOffice2.0.4

Jonas Karlsson jonka750 at student.liu.se
Mon Nov 13 20:20:17 UTC 2006

2006/11/13, Andy Feldman <nereusren at gmail.com>:
> On 11/13/06, Jonas Karlsson <jonka750 at student.liu.se> wrote:
> > 2006/11/13, Andy Feldman <nereusren at gmail.com>:
> > > For example, when I download your GnuPG package, it errors
> > > out with "Invalid signature," with no option to install it anyway.
> >
> > [...] What does InstallPackage say
> > more than 'nvalid signature'? Does it say anything more, like that
> > some files are missing or aren't signed?
> InstallPackage: Installing GnuPG, version 1.4.5.
> InstallPackage: Uncompressing to /Programs...
> InstallPackage: Invalid signature.  Package has been modified
> InstallPackage: Suspect package in /Programs/GnuPG/1.4.5
> InstallPackage: Removing downloaded package
> /System/Variable/tmp/GnuPG--1.4.5--i686.tar.bz2.
> This is with Scripts 2.5.1 and GnuPG 1.4.1, on 012.
Could you run VerifyProgram on it? I think it gives a little more
information on what's wrong.

> > I thought that one
> > could install contributed packages and get that the signature was ok.
> I tried to submit a signed package a while ago... I know things have
> changed quite a bit since then with the signing framework, but at the
> time Lucas suggested to me to leave it unsigned if I didn't have a
> practical way of giving people my key.

I'll look into it and give you a good answer when I have the time to look at it.

> Incidentally, do you have your public key posted somewhere? That way I
> would be able to use your packages, at least :). I'm not very
> experienced with the public key framework, but I'd be interested in
> learning about it and trying to make it work easily with packages in
> general... A robust user-trust framework for binary packages is a
> great goal, since it would helps us get even farther away from relying
> on a single "central repository."
You can get my public key here:

We're still working on the signing bits, but we're getting closer.

For user-trust, I'm not really sure how to build a good web of trust,
when we are this geographically widespread (most of us, except some
down in Brazil :) ) and few. It's very unlikely that we should
physically meet to be able to connect the lines in the web, but that's
something to think about later.


More information about the gobolinux-users mailing list