* Guile Release Signing Key?
@ 2017-09-15 18:30 Christopher Howard
2017-09-16 10:28 ` Guile Release Signing Key? (Laptop stolen 7 August 2017 ???) Alex Vong
0 siblings, 1 reply; 2+ messages in thread
From: Christopher Howard @ 2017-09-15 18:30 UTC (permalink / raw)
To: Guile User Mailing List
[-- Attachment #1: Type: text/plain, Size: 585 bytes --]
Hi, I'm in the habit of checking release signatures before I install
from source. I see in the Download area there are signatures for each
of the Guile releases, but I can't seem to find the right public key. I
imported the project key chain and then (re?)important the keys listed
for each of the project admins, but no luck.
--
Christopher Howard
Computer Assistant
Alaska Satellite Internet
3239 La Ree Way
Fairbanks, Alaska 99709
1-888-396-5623
https://alaskasatelliteinternet.com
personal web site: https://qlfiles.net
https://emailselfdefense.fsf.org/en/
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Guile Release Signing Key? (Laptop stolen 7 August 2017 ???)
2017-09-15 18:30 Guile Release Signing Key? Christopher Howard
@ 2017-09-16 10:28 ` Alex Vong
0 siblings, 0 replies; 2+ messages in thread
From: Alex Vong @ 2017-09-16 10:28 UTC (permalink / raw)
To: Christopher Howard; +Cc: Guile User Mailing List
[-- Attachment #1: Type: text/plain, Size: 1345 bytes --]
Christopher Howard <christopher@alaskasi.com> writes:
> Hi, I'm in the habit of checking release signatures before I install
> from source. I see in the Download area there are signatures for each
> of the Guile releases, but I can't seem to find the right public key. I
> imported the project key chain and then (re?)important the keys listed
> for each of the project admins, but no luck.
Hello,
I think the key is revoked because the key owner (Andy Wingo)'s laptop
is stolen:
alexvong1995@debian:/tmp$ LC_ALL=C torsocks gpg --verify guile-2.2.2.tar.xz.sig guile-2.2.2.tar.xz
gpg: Signature made Fri Apr 21 22:33:48 2017 CST
gpg: using RSA key FF478FB264DE32EC296725A3DDC0F5358812F8F2
gpg: Good signature from "Andy Wingo <wingo@pobox.com>" [unknown]
gpg: aka "Andy Wingo <wingo@gnu.org>" [unknown]
gpg: aka "Andy Wingo <wingo@igalia.com>" [unknown]
gpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forged.
gpg: reason for revocation: Key has been compromised
gpg: revocation comment: Laptop stolen 7 August 2017.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FF47 8FB2 64DE 32EC 2967 25A3 DDC0 F535 8812 F8F2
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-09-16 10:28 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-15 18:30 Guile Release Signing Key? Christopher Howard
2017-09-16 10:28 ` Guile Release Signing Key? (Laptop stolen 7 August 2017 ???) Alex Vong
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).