[MacPorts] #50429: unable to verify signature of MacPorts-2.3.4 download

Sun Jan 24 21:51:53 PST 2016

#50429: unable to verify signature of MacPorts-2.3.4 download
-----------------------+--------------------------------
  Reporter:  pigdog@…  |      Owner:  macports-tickets@…
      Type:  defect    |     Status:  new
  Priority:  Normal    |  Milestone:
 Component:  base      |    Version:  2.3.4
Resolution:            |   Keywords:
      Port:            |
-----------------------+--------------------------------
Changes (by ryandesign@…):

 * cc: jmr@… (added)
 * component:  ports => base

Old description:

> I downloaded MacPorts this morning.  There was no checksum provided, but
> a gpg signature.
> The gpg --verify check failed:
>
>   ro at peanut:/tmp$ gpg --verify MacPorts-2.3.4-10.11-ElCapitan.pkg.asc
> MacPorts-2.3.4-10.11-ElCapitan.pkg
>   gpg: Signature made Thu 01 Oct 2015 03:53:54 PM EDT using DSA key ID
> B4AAE6CD
>   gpg: Can't check signature: public key not found
>
> Can an md5sum or a passing gpg check be provided?
>
> Thanks,
> Rohit

New description:

 I downloaded MacPorts this morning.  There was no checksum provided, but a
 gpg signature.
 The gpg --verify check failed:

 {{{
   ro at peanut:/tmp$ gpg --verify MacPorts-2.3.4-10.11-ElCapitan.pkg.asc
 MacPorts-2.3.4-10.11-ElCapitan.pkg
   gpg: Signature made Thu 01 Oct 2015 03:53:54 PM EDT using DSA key ID
 B4AAE6CD
   gpg: Can't check signature: public key not found
 }}}

 Can an md5sum or a passing gpg check be provided?

 Thanks,
 Rohit

--

-- 
Ticket URL: <https://trac.macports.org/ticket/50429#comment:2>
MacPorts <https://www.macports.org/>
Ports system for OS X