[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Guile Release Signing Key? (Laptop stolen 7 August 2017 ???)
|
From: |
Alex Vong |
|
Subject: |
Re: Guile Release Signing Key? (Laptop stolen 7 August 2017 ???) |
|
Date: |
Sat, 16 Sep 2017 18:28:21 +0800 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Christopher Howard <address@hidden> writes:
> Hi, I'm in the habit of checking release signatures before I install
> from source. I see in the Download area there are signatures for each
> of the Guile releases, but I can't seem to find the right public key. I
> imported the project key chain and then (re?)important the keys listed
> for each of the project admins, but no luck.
Hello,
I think the key is revoked because the key owner (Andy Wingo)'s laptop
is stolen:
address@hidden:/tmp$ LC_ALL=C torsocks gpg --verify guile-2.2.2.tar.xz.sig
guile-2.2.2.tar.xz
gpg: Signature made Fri Apr 21 22:33:48 2017 CST
gpg: using RSA key FF478FB264DE32EC296725A3DDC0F5358812F8F2
gpg: Good signature from "Andy Wingo <address@hidden>" [unknown]
gpg: aka "Andy Wingo <address@hidden>" [unknown]
gpg: aka "Andy Wingo <address@hidden>" [unknown]
gpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forged.
gpg: reason for revocation: Key has been compromised
gpg: revocation comment: Laptop stolen 7 August 2017.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FF47 8FB2 64DE 32EC 2967 25A3 DDC0 F535 8812 F8F2
signature.asc
Description: PGP signature
- Guile Release Signing Key?, Christopher Howard, 2017/09/15
- Re: Guile Release Signing Key? (Laptop stolen 7 August 2017 ???),
Alex Vong <=