On Mon, Sep 19, 2016 at 10:01 AM, Milan Zamazal <mzamazal@redhat.com> wrote:
Hi, on Vdsm packages downloaded from
http://resources.ovirt.org/pub/ovirt-4.0/src/vdsm/ :
% gpg --verify vdsm-4.18.13.tar.gz.sig
gpg: assuming signed data in 'vdsm-4.18.13.tar.gz'
gpg: Signature made Wed 14 Sep 2016 04:38:26 PM CEST using RSA key ID FE590CB7
gpg: Good signature from "oVirt <infra@ovirt.org>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 31A5 D783 7FAD 7CB2 86CD 3469 AB8C 4F9D FE59 0CB7
% gpg --list-keys infra@ovirt.org
pub 2048R/FE590CB7 2014-03-30 [expired: 2016-04-02]
uid [ expired] oVirt <infra@ovirt.org>
Either I download fake packages signed with a cracked expired key, or
you sign the packages with an expired key. Not good in any case.
Please run gpg --refresh-keys
Thanks,
_______________________________________________
Infra mailing list
Infra@ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
