Gene Heskett writes: > On Thursday 10 January 2008, Justin Mason wrote: > >Gene Heskett writes: > >> Greetings; > >> > >> Even though I have followed the intructions in the error message twice > >> now, I still have the same error when sa-update is run: > >> > >> # /usr/bin/sa-update --allowplugins --gpgkey > >> D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel > >> saupdates.openprotect.com error: GPG validation failed! > >> The update downloaded successfully, but it was not signed with a trusted > >> GPG key. Instead, it was signed with the following keys: > >> > >> BDE9DC10 > >> > >> Perhaps you need to import the channel's GPG key? For example: > >> > >> wget http://spamassassin.apache.org/updates/GPG.KEY > >> sa-update --import GPG.KEY > >> > >> channel: GPG validation failed, channel failed > >> > >> New secret process guys? But I note the signature key is the last 8 > >> digits of the GPG.KEY my cron job was using. > > > >what version of gpg do you use? This sounds like the first report of > >http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5775 > > > According to smart or an rpm -q, gpgme-1.1.5-4.fc8
ok, that's not it. sounds like the newly cross-signed key isn't valid for some versions of GPG? --j.
