It's the amd64 one. Judging from 19 downloads of the package, and 2 downloads of the .asc file, no one is checking this. I'm not about to install without checking.
gpg: Signature made Fri 07 Feb 2014 12:51:42 AM PST using RSA key ID 5CCF8BB3
gpg: Can't check signature: No public key
{der} When I click on the .asc file at SF it drops down with MD5 and SHA1. Testing the package against these it flunks. I download the package again, and it flunks with exactly the same numbers.
What is wrong with this?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am trying to verify the signature of the passwordsafe Debian package from here:
https://sourceforge.net/projects/passwordsafe/files/Linux-BETA/0.93/
It's the amd64 one. Judging from 19 downloads of the package, and 2 downloads of the .asc file, no one is checking this. I'm not about to install without checking.
gpg --verify passwordsafe-debian-0.93BETA.amd64.deb.sig passwordsafe-debian-0.93BETA.amd64.deb
gpg: Signature made Fri 07 Feb 2014 12:51:42 AM PST using RSA key ID 5CCF8BB3
gpg: Can't check signature: No public key
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x919464515CCF8BB3
gpg: Total number processed: 1
gpg: unchanged: 1
gpg --verify passwordsafe-debian-0.93BETA.amd64.deb.sig passwordsafe-debian-0.93BETA.amd64.deb
gpg: Signature made Fri 07 Feb 2014 12:51:42 AM PST using RSA key ID 5CCF8BB3
gpg: Can't check signature: No public key
{der} When I click on the .asc file at SF it drops down with MD5 and SHA1. Testing the package against these it flunks. I download the package again, and it flunks with exactly the same numbers.
What is wrong with this?
Well it works when testing as my user, but fails as root. This doesn't make sense as apt-key was done as root.
APT key management, GPG (as root), and GPG (as user) use different keyrings.
If done this way, some GPG pubring.gpg and APT trusted.gpg are both updated.