skribilo-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signing key for 0.10.0

From: Benson Muite
Subject: Re: Signing key for 0.10.0
Date: Wed, 28 Jun 2023 15:31:01 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 
On 6/28/23 12:22, Arun Isaac wrote:
> 
> Hi,
> 
> Thanks for reporting this! The new signing key is mine. I joined the
> skribilo team recently as a maintainer, and made the latest release. So,
> I signed it with my key. But, I see this is probably not the best
> idea. It would cause quite a lot of confusion everytime we have new
> maintainers on the team.
> 
> @Ludo: How should we best handle release signatures? Should we resign
> the latest release with your key?
> 
> Regards,
> Arun
Hi Arun,
Thanks for maintaining Skribilo. Locally on my machine, get
$ gpg2 --verify skribilo-0.10.0.tar.gz.sig
gpg: assuming signed data in 'skribilo-0.10.0.tar.gz'
gpg: Signature made Wed 08 Mar 2023 04:11:11 AM EAT
gpg:                using RSA key 7F730343F2F09F3C77BF79D32E25EE8B61802BB3
gpg: Good signature from "Arun I <arunisaac@systemreboot.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 7F73 0343 F2F0 9F3C 77BF  79D3 2E25 EE8B 6180 2BB3

$ gpg2 --verify skribilo-0.9.5.tar.gz.sig
gpg: assuming signed data in 'skribilo-0.9.5.tar.gz'
gpg: Signature made Sun 01 Nov 2020 08:31:29 PM EAT
gpg:                using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
gpg: Good signature from "Ludovic Courtès <ludo@gnu.org>" [unknown]
gpg:                 aka "Ludovic Courtès <ludo@chbouib.org>" [unknown]
gpg:                 aka "Ludovic Courtès (Inria)
<ludovic.courtes@inria.fr>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5

So it seems signed. However following:
https://ftp.gnu.org/README

$ gpgv --keyring ./gnu-keyring.gpg skribilo-0.10.0.tar.gz.sig
skribilo-0.10.0.tar.gz
gpgv: Signature made Wed 08 Mar 2023 04:11:11 AM EAT
gpgv:                using RSA key 7F730343F2F09F3C77BF79D32E25EE8B61802BB3
gpgv: Can't check signature: No public key

$ gpgv --keyring ./gnu-keyring.gpg skribilo-0.9.5.tar.gz.sig
skribilo-0.9.5.tar.gz
gpgv: Signature made Sun 01 Nov 2020 08:31:29 PM EAT
gpgv:                using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
gpgv: Good signature from "Ludovic Courtès <ludo@gnu.org>"
gpgv:                 aka "Ludovic Courtès <ludo@chbouib.org>"
gpgv:                 aka "Ludovic Courtès (Inria)
<ludovic.courtes@inria.fr>"

So it seems you need to have your key added to those in GNUs keyring.
Not sure what the process for this is, but hopefully it can be done.

Regards,
Benson
reply via email to
[Prev in Thread] Current Thread [Next in Thread]