On Mon, Nov 21, 2022 at 12:18 AM AV via test <test@lists.fedoraproject.org> wrote:
> On Sat, 2022-11-19 at 19:33 -0800, Samuel Sieb wrote: > > On 11/18/22 16:11, AV via test wrote: > > > Following info on https://getfedora.org/en/security/ > > > > > > gpgv --keyring ./fedora.gpg *-CHECKSUM > > > gpgv: not a detached signature > > > > > > I think a little correction is warranted. > > > > You need to give more specific information about what exactly you > > tried. > > I followed the instructions there and it worked as expected. > > I discovered today what happened. I had downloaded both > Fedora-Workstation and Fedora-Everything together with > their CHECKSUMS into the same folder. > If you then try "gpgv --keyring ./fedora.gpg *-CHECKSUM" > it results in this error message. > Remove one of the two from the folder and it works as > expected. > But as yet it is not clear to me why this error message > meant for another situation. > Can you file a bug or a pull request at https://pagure.io/fedora-web/websites/ ? I think the command should be modified to: $ gpgv --keyring ./fedora.gpg CHECKSUM_FILE and the description should state to replace CHECKSUM_FILE with an actual checksum file name. I agree that currently it's confusing because it looks like it can handle processing multiple checksum files together (which is the case for sha256sum, but not for gpgv). Thanks!
_______________________________________________ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
