Closed adsche closed 3 years ago
Should be good now. Sorry about that. Previous versions of TurboVNC were signed with a 1024-bit DSA key, which isn't considered very secure by today's standards. 2.2.6 and later are signed with a new 4096-bit RSA key, but I had neglected to update the key URLs:
https://www.TurboVNC.org/key/VGL-GPG-KEY https://sourceforge.net/projects/turbovnc/files/VGL-GPG-KEY
with the new key. As with VirtualGL and libjpeg-turbo, the new 4096-bit key has now replaced the old key at those URLs, and new URLs:
https://www.TurboVNC.org/key/VGL-GPG-KEY-1024 https://sourceforge.net/projects/turbovnc/files/VGL-GPG-KEY-1024
contain the old key. This allows the old YUM repo file to work properly, as long as you are only trying to install the latest version. If you need to install previous versions using YUM, then download the new YUM repo file from https://turbovnc.org/Downloads/YUM. The new YUM repo file contains the URLs of both the old and new keys.
Excellent, thank you very much, also for being so quick to fix it! Can confirm that it worked without any interventions now on Centos.
HI all,
thanks for the great work!
Trying to update via the official TurboVNC RPM repo, I get the following error on Centos 7:
Also manually re-importing the current key (as stated in the official TurboVNC.repo linked here) fails to validate the RPM:
(Package and repo caches has been cleared before testing this.)
Is it possible, that a different signing key was used that has not been published yet?