:: Re: [DNG] OpenPGP key for Devuan Re…
Page principale
Supprimer ce message
Répondre à ce message
Auteur: Alexis PM
Date:  
À: dng
Sujet: Re: [DNG] OpenPGP key for Devuan Release ISOs?
The problem is who signs, who is not someone whose signature is expected.

wget https://files.devuan.org/devuan_chimaera/Release_notes.txt -q -O - | grep -A 4 'are signed'

wget https://files.devuan.org/devuan_chimaera/installer-iso/SHA256SUMS https://files.devuan.org/devuan_chimaera/installer-iso/SHA256SUMS.asc
gpg --verify SHA256SUMS.asc
gpg --keyserver pgp.mit.edu --search-keys E93D7167A4F5FA9E9FED497770285BA5CF280BA4

Ralph Ronnquist (rrq) <ralph.ronnquist@???>

It would be expected that someone@??? or similar, as on
wget https://files.devuan.org/devuan-archive-keyring.gpg -q -O - | gpg

PS: keys.gnupg.net closed down years ago (talked about here in the list when it happened), but the others (pgp.mit.edu, keys.openpgp.org,...) continue.

Best regards,     En viernes, 25 de febrero de 2022 19:06:27 CET, Lars Noodén via Dng <dng@???> escribió:  


I see that the ISO images are signed.  I've tried to fetch the signing
key[1] again,

$ gpg --keyserver keys.gnupg.net \
  --recv-key E032601B7CA10BC3EA53FA81BB23C00C61FC752C

$ gpg --keyserver keys.gnupg.net \
  --recv-key BB23C00C61FC752C

$ gpg --keyserver keys.gnupg.net \
  --search-keys BB23C00C61FC752C

but get an error instead with each of the above methods:

  gpg: keyserver receive failed: Server indicated a failure

What is the current / correct location to find the public key to check
the releases with?

/Lars

[1] https://www.devuan.org/os/keyring
_______________________________________________
Dng mailing list
Dng@???
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng