When importing keys from public key servers, GnuPG will import private
keys (also known as secret keys) in addition to public keys. If this
happens, the user's web of trust becomes corrupt. Additionally, when
used to check detached signatures, if the data file being checked
contains clearsigned data, GnuPG will not warn the user if the detached
signature is incorrect.
cf39b3d9baf91db3f5272d60672dc756 7.0/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm 6d4087bd4aa40a54fe8e13dba15253c6 7.0/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm
2f3d02b9fefbe27a8802c7215b9677c2 7.1/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm 6d4087bd4aa40a54fe8e13dba15253c6 7.1/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm
5315e438e24104ad16428845bedc5f07 7.2/RPMS/gnupg-1.0.4-3.1mdk.i586.rpm 582ad67607ebf93a174aa9d3905673d9 7.2/SRPMS/gnupg-1.0.4-3.1mdk.src.rpm
To upgrade automatically, use MandrivaUpdate.
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.