From: Eli Zaretskii <eliz@gnu.org>
To: Ali Elshishini <shishini@outlook.com>, Corwin Brust <corwin@bru.st>
Cc: larsi@gnus.org, 55666@debbugs.gnu.org
Subject: bug#55666: enhancement request - SHA-256 for emacs downloads
Date: Sat, 28 May 2022 09:15:23 +0300 [thread overview]
Message-ID: <83czfymbd0.fsf@gnu.org> (raw)
In-Reply-To: <BL0PR1901MB4676C79F8C3637A844934BB4DBDB9@BL0PR1901MB4676.namprd19.prod.outlook.com> (message from Ali Elshishini on Sat, 28 May 2022 00:43:28 +0000)
> From: Ali Elshishini <shishini@outlook.com>
> CC: "55666@debbugs.gnu.org" <55666@debbugs.gnu.org>
> Date: Sat, 28 May 2022 00:43:28 +0000
>
> Thanks for pointing out the announcement email
> Unfortunately it doesn't include the SHA hashes for the windows files
You never said in your original message that this is about the Windows
binaries.
The Windows precompiled binaries are produced by volunteers who are
only loosely associated with the Emacs project. The project releases
Emacs as source tarballs, and the SHA checksums for that are in the
announcement. I've CC'ed Corwin, who produced the latest binaries of
Emacs 28.1.
For the Windows binaries, providing the SHA checksums is entirely up
to the person(s) who makes the binaries available.
> Also verify the signature on windows I am not sure if this is the expected output
> for me look like it failed
>
> >From command line
>
> PS C:\downloads> C:\"Program Files (x86)"\GnuPG\bin\gpg --keyserver keyserver.ubuntu.com --recv-keys
> 17E90D521672C04631B1183EE78DAE0F3115E06B
> gpg: key E78DAE0F3115E06B: "Eli Zaretskii <eliz@gnu.org>" not changed
> gpg: Total number processed: 1
> gpg: unchanged: 1
> PS C:\downloads> C:\"Program Files (x86)"\GnuPG\bin\gpg --verify .\emacs-28.1.zip.sig
> gpg: assuming signed data in '.\emacs-28.1.zip'
> gpg: Signature made 2022-04-21 4:11:30 PM Eastern Daylight Time
> gpg: using RSA key ECE77CF417C76C1ACFCE7C2B5B6135511580F007
> gpg: Can't check signature: No public key
> PS C:\downloads>
You are using the wrong GPG key: my key was used to sign the source
tarballs, not the Windows binary zip files. The Windows binaries were
signed by Corwin Brust's key as the Download page says. You need to
fetch that key, not mine.
> I think adding the SHA hashes somewhere remains a valuable addition
> using and verifying signature on windows is more complicated than it needs to be
That may be so, but this activity is based on volunteers doing this on
their free time. We can only ask them to do what their time and
resources allow.
next prev parent reply other threads:[~2022-05-28 6:15 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-26 17:47 bug#55666: enhancement request - SHA-256 for emacs downloads Ali Elshishini
2022-05-27 10:59 ` Lars Ingebrigtsen
2022-05-27 11:46 ` Ali Elshishini
2022-05-29 7:42 ` Corwin Brust
2022-05-29 17:08 ` Ali Elshishini
2022-05-29 18:53 ` Corwin Brust
2022-05-29 19:46 ` Ali Elshishini
2022-05-27 12:28 ` Eli Zaretskii
2022-05-28 0:43 ` Ali Elshishini
2022-05-28 6:15 ` Eli Zaretskii [this message]
2022-05-28 17:14 ` Ali Elshishini
2022-05-28 19:06 ` Eli Zaretskii
2022-05-28 19:17 ` Ali Elshishini
2022-05-28 19:27 ` Eli Zaretskii
2022-05-28 20:31 ` Ali Elshishini
2022-05-28 22:09 ` Corwin Brust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83czfymbd0.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=55666@debbugs.gnu.org \
--cc=corwin@bru.st \
--cc=larsi@gnus.org \
--cc=shishini@outlook.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.