verify gcc download

David Durham d.durham26 at
Tue Dec 22 15:46:39 CET 2009


I am trying to verify the download of a gcc-4.1.0.tar.bz2 file. I
also downloaded the corresponding gcc-4.1.0.tar.bz2.sig file. I have
tried gpg --verify gcc-4.1.0.tar.bz2.sig gcc-4.1.0.tar.bz2, but it says
"can't check signature, public key not found." Does this mean the file
has been verified, but just not the signature? The file at says that all releases after 8-1-2003
will be signed by the gpg maintainer who prepared the release. Does
this mean I need to get the public keys of each maintainer for each
software release I download? If so, could you please tell me how and
where to get the appropriate public keys?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20091222/fad54a57/attachment.htm>

More information about the Gnupg-users mailing list