[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#55666: enhancement request - SHA-256 for emacs downloads
|
From: |
Eli Zaretskii |
|
Subject: |
bug#55666: enhancement request - SHA-256 for emacs downloads |
|
Date: |
Sat, 28 May 2022 09:15:23 +0300 |
> From: Ali Elshishini <shishini@outlook.com>
> CC: "55666@debbugs.gnu.org" <55666@debbugs.gnu.org>
> Date: Sat, 28 May 2022 00:43:28 +0000
>
> Thanks for pointing out the announcement email
> Unfortunately it doesn't include the SHA hashes for the windows files
You never said in your original message that this is about the Windows
binaries.
The Windows precompiled binaries are produced by volunteers who are
only loosely associated with the Emacs project. The project releases
Emacs as source tarballs, and the SHA checksums for that are in the
announcement. I've CC'ed Corwin, who produced the latest binaries of
Emacs 28.1.
For the Windows binaries, providing the SHA checksums is entirely up
to the person(s) who makes the binaries available.
> Also verify the signature on windows I am not sure if this is the expected
> output
> for me look like it failed
>
> >From command line
>
> PS C:\downloads> C:\"Program Files (x86)"\GnuPG\bin\gpg --keyserver
> keyserver.ubuntu.com --recv-keys
> 17E90D521672C04631B1183EE78DAE0F3115E06B
> gpg: key E78DAE0F3115E06B: "Eli Zaretskii <eliz@gnu.org>" not changed
> gpg: Total number processed: 1
> gpg: unchanged: 1
> PS C:\downloads> C:\"Program Files (x86)"\GnuPG\bin\gpg --verify
> .\emacs-28.1.zip.sig
> gpg: assuming signed data in '.\emacs-28.1.zip'
> gpg: Signature made 2022-04-21 4:11:30 PM Eastern Daylight Time
> gpg: using RSA key ECE77CF417C76C1ACFCE7C2B5B6135511580F007
> gpg: Can't check signature: No public key
> PS C:\downloads>
You are using the wrong GPG key: my key was used to sign the source
tarballs, not the Windows binary zip files. The Windows binaries were
signed by Corwin Brust's key as the Download page says. You need to
fetch that key, not mine.
> I think adding the SHA hashes somewhere remains a valuable addition
> using and verifying signature on windows is more complicated than it needs to
> be
That may be so, but this activity is based on volunteers doing this on
their free time. We can only ask them to do what their time and
resources allow.
- bug#55666: enhancement request - SHA-256 for emacs downloads, Ali Elshishini, 2022/05/26
- bug#55666: enhancement request - SHA-256 for emacs downloads, Lars Ingebrigtsen, 2022/05/27
- bug#55666: enhancement request - SHA-256 for emacs downloads, Eli Zaretskii, 2022/05/27
- bug#55666: enhancement request - SHA-256 for emacs downloads, Ali Elshishini, 2022/05/27
- bug#55666: enhancement request - SHA-256 for emacs downloads,
Eli Zaretskii <=
- bug#55666: enhancement request - SHA-256 for emacs downloads, Ali Elshishini, 2022/05/28
- bug#55666: enhancement request - SHA-256 for emacs downloads, Eli Zaretskii, 2022/05/28
- bug#55666: enhancement request - SHA-256 for emacs downloads, Ali Elshishini, 2022/05/28
- bug#55666: enhancement request - SHA-256 for emacs downloads, Eli Zaretskii, 2022/05/28
- bug#55666: enhancement request - SHA-256 for emacs downloads, Ali Elshishini, 2022/05/28
- bug#55666: enhancement request - SHA-256 for emacs downloads, Corwin Brust, 2022/05/28
bug#55666: enhancement request - SHA-256 for emacs downloads, Ali Elshishini, 2022/05/27