Hello,
I am trying to verify the download of a gcc-4.1.0.tar.bz2 file. I
also downloaded the corresponding gcc-4.1.0.tar.bz2.sig file. I have
tried gpg --verify gcc-4.1.0.tar.bz2.sig gcc-4.1.0.tar.bz2, but it says
"can't check signature, public key not found." Does this mean the file
has been verified, but just not the signature? The file at
ftp.gnu.org/MISSING-FILES.README says that all releases after 8-1-2003
will be signed by the gpg maintainer who prepared the release. Does
this mean I need to get the public keys of each maintainer for each
software release I download? If so, could you please tell me how and
where to get the appropriate public keys?
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
