From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 1DEE56DE0C1F for ; Wed, 6 Feb 2019 03:03:50 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -2.301 X-Spam-Level: X-Spam-Status: No, score=-2.301 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dMYD3h4jMXdZ for ; Wed, 6 Feb 2019 03:03:49 -0800 (PST) X-Greylist: delayed 946 seconds by postgrey-1.36 at arlo; Wed, 06 Feb 2019 03:03:49 PST Received: from mx1.suse.de (mx2.suse.de [195.135.220.15]) by arlo.cworth.org (Postfix) with ESMTPS id 16A7E6DE0AAB for ; Wed, 6 Feb 2019 03:03:49 -0800 (PST) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 68CBFB66C for ; Wed, 6 Feb 2019 10:48:00 +0000 (UTC) To: notmuch@notmuchmail.org From: Adam Majer Subject: Release signatures Openpgp: preference=signencrypt Autocrypt: addr=amajer@suse.de; prefer-encrypt=mutual; keydata= mQINBFJv4lkBEADcOUzrFFcKO4DVpbcI6R2Jo+j5rhaf4qevom9ejz2lNKK4CZOXCsC33Okq PY0OAZzzUyEohyU+wXNGk75gYKhRjXVvB4oq+ye1fzykusNFbmTuWS+PM6Y/d/ER3ZZHDKtT Uzm2myB5aHPSUb1Z1iDGDbNVEGMnav8tuvFCrEUGCyYLNQ9NRVTCndJOKVfDNZAOin237G2n DRxCwOu49BaQ94OGGV3ooA61b9tmoGahmZKi+lJmzOUrWGZZh/mbIbgFvb1KBCFVKGEI5ttb 6Nk/wF0xQFG1Y3/HepQ+OL2i6XPnEdIUuPeVEO/FIvJ2oVqwkMF4qqOp3x1uLT5s5mWI1FG4 qRqtzNVksQXB33b2qo2+TZSQGbHBSl05q3H3/UZWwCJSxzxuqko+0kiGKm0uQiKYAzEfIA2r xi8JHivL8OLJVF7emuGS2jFHIqAgQx0kpQFa33yRb548pwTXCQHE36kdN9d2XNtBeWncsAiT mYX896ol9xcZeePOoIZZxc8caZz446XD9JuBGFLDPrr2ODnZ1Vq3G7uwtxtIU+BcZYViyH6O gaCQ6gcHzWn8ko8F1gs9yncvz4Ml0SL9Fnlu+9UNtmLK6pWySbDgv6VqM+LMnsufcvKhfPU8 1HkHNa/fEe/uuaBWSkiMpDo75ZFr2r9AJF7IhGhXAZYkRjNg5QARAQABtBtBZGFtIE1hamVy IDxhbWFqZXJAc3VzZS5kZT6JAjgEEwECACIFAlc7j8ECGwMGCwkIBwMCBhUIAgkKCwQWAgMB Ah4BAheAAAoJEOUj8iCsjfvQOn0QAIHeBm3LC4mcALXKcuxR3kORg5flT2rfQBkPUXtECw7A kVsz9RSIvYNOVgbIy8/4ELaBnoSfULbz7g+SvebSNN6kf0B4eK3LFCxR48lgfjN8np9O5pHX T5WAQHnot/u7JAxHzPD8GrATVOM66pUjtJfnDtpKzRDyEaKIkFQ04u5Kka2tbq2iZWjZ/Y35 PwE57a8Zj/LiFwENDsIO7gE8jBLzU2A1XjQCIZ985sZKg4u2Gf/jFHm+M1dN2K5SZ42qRYRd 2RnDb5ROHqcj5/g2iNITS6KeIiwrhvg7aeSVyq7tmRZyizfyeK6WbYZ5xaky9yip817B/oNE TClrtTWmqCbinzJ67Y5+OtVCLGc7SBjExEnip7nMKtYjBq+V3iNAaGeulReoOcXjiEmKO9pP ZrFx5H/xNT3eqzU2xR0pVU/cOPoCvWLB+F75Q5aaNgpxDSXJqKzVlpEnwu+OTlA3lFmvuGR4 ZtZif/XDCk1xfRKB9afyHT9JQ8xztN7sYiMMALgJPq3MDcvDaJvXgYXBMbEL3kuEDLqONw/y q4EWo3sBKxby3NgMpCuKaAqVox4XQDVL1ZyBQ5X3tLTb3To+gsu62i1OmJmmti4Opl2vZ7SL +9d6gn2AcSyA2140kLR0Wvg2J47zEJF1Eh3/2DJ1mhdv/YXz3ZOvDDqcrfEcJKHQuQH1BFbK g8kBD0Do5HJ6KdgAAFtN+96tdHDKPpXi9wDa6TXbWIFTY7fH8FfDxBbWQE262qfmdgiJxhy0 6FTkQIiYzKXZR7aLvA5k0jCtRfYuyD9m0jD+AkW9o/XZrEHdzXA6ScNQQllknAflqHPpx8n8 Sy1jHrZS5ImvrO2Bkv5jXDKSH88AAxwak1t3IqmnUJaZ71tDxvbxRNJtHt9SF0m3RrBTTM1O H5+3IPg1lKigJMxNGDGsAxTN3mkH9T83ZMaRx9JKNUcpJI5b9DYZxEgYpvHhweZZQNATSUXL KR/usMSU/zO5RrrAPBwtFDJ9ASjdfVwgAltMgjQ10thbBnRHFDTvdEnU/NRcLf4rWZElVIQY PR2hc1j4mSr9qVG3zLCuXpeXSJhq3mBLDS0EvOik419z2Q05UAxD5Ka6r0FzQc8H10lMc6ld Prry1YczUuxVy+RxQayzeX2jGYzHVTJLtsLjmGC+BlYfRPuXGkTcRZnLcOEpbsIulnmvgKnw M077qZmj/FZbqnTcnsC5xBCZFurldWvpJAbuRifV0cStJBdHhtVruD0eQ3SkakS4iAB9U8ba bPaNgLlERyj34qiqjQcY0YCePBfsxbsVB6K+tJFCevWXcdO6fmszuzCFpmJynuTEXs09lsEZ hVlkKQAtQQARAQABiQIfBBgBCgAJBQJWyoPJAhsMAAoJEOUj8iCsjfvQkokP/R83tzdrKi0I FcOjoto2USS1NEyKFKRy66PeMR8An8LwO4Mfi6SrjTSP6z6QZf4/Z8iZb9rAKHQxp/WXx5d6 fBetu5Il8E88MWmoQxrtJL6jczT0oMSxPzeD/4jRPjvnB78aHl6hIqmEKv/Ch94J8tejFXdg 6jtnwkCk3/h/tHOkDk5aefLvlcG/xnm0wYVi607PjzJsxwSc/gba72FgykyEHQhjmfcuoOmB eN+PLK7qk3X4P+NAvYBEQuCm62iaxvJT5q++UIVemkWEqWjTLOz2OTl12ToHDOGQOMdBruw+ C7kyA0k0DYNjIIVQYEmXpKVD4EwYN1IfFH4Y8onRPFB/U70svLIq2FRrza6Vjxk9aZdTeOdi o8Dp7l6L3sfV7MndV2Q+PBaOwV1uO9CZuoWMRbXXydB4OtSTuWpclncf4Y3NseMEWjmE0v8l /XiqDozU4YRNCU8ocex5BBjp9dYPxqZsEK2TZYg29viZEs99O/0OuvtM9u83jJI722yjSMp8 Nc2Y2I4sDR0oTdVR3id8ndbRikDbX/wlVf+HQAOnwPmR9vhM4y1PzRSj4/Owhpmv1omMFiZu hMHId3gPS3iLVQSuUJKVvnPtwUMAON34VVgN6YA+sm4kBq44oUkQ8od4winYGe1Y2MNL6rxf LqlKWTjUxZMApuNDH9pjmXzvuQH1BFbKhLwBD0CyazWEatk7lkY2aF7jXgdv2KqnTtagRjzY E/7zXDJcbaRfmSl1caOaDlvsCF80+omkTx7QZ6O9BdAN8Jilo4ovf0fPhbgxQgpDv5M8Im+t 0iuDuopPyDSHQTkOaJ0//iPWStltO5Dg0ApDkBFkFX5KdWN6BpGaYWhfrpiqBYCevxbatx5V WZ039PunUEEza3n3cDNrVz38XNsZvnPEZ6HP73OXpE+9U70lJ8DQj3kJTjyOCVOXnGTiP6g5 Y4GWnRZ5YCBdMyqXm5eThO0P6Wi3LHbGd4M0U26NUuRK8G7K4PhqaJmxEz0O51nJDUGlhhgE UR1uIYyUJsAB/vVKw+nwiqG7Fj6n/spKvyAKrmXeONlg29Y/E8yI805z1UXGblauLzchvvMS dDH6vK8ri4RWmG95EW+TlcPmtJCw4fIAJ7kjoZoVU9OXSfHPj7nd5QHztZdjqSfiMEEgzs83 fu7bqcyR11Pi8KQcDvHJMj/hLrTMIKhj7PPpNcuoBXvBDrny1m5zewUWVE0DyG/1kVZU1Vmn 5h557+6kjKHAow1PSst1Sk854u1AVv/yCIzWbTWOheE2gAwCN+teRQIbdIFEBDNzMc/yC08W 4JjVo5MTrTftnNdQ360cjUBkJMc+lfaaz1H7Yi8aswARAQABiQQsBBgBCgAPBQJWyoS8AhsC BQkDwmcAAhEJEOUj8iCsjfvQwUUgBBkBCgAGBQJWyoS8AAoJEIZFCLAbJnnPQIwPOwQMf+6B okBLdDZRZZhPfKnpT9hsdP/Lwjrfu9myHUi7RzwS2uLRn6Q6bhsG7I/j3HQR+5uukLL+czqg zV64LZxamnB5JmRmyr9F5yVsEb7gipJqBfuNo28yBLWdE1LdXCdY4jKm095NyhluiagKm93Q pK/QqN8iW2ns2a4V3nG6yisIpQ1Dyi4c3G2t9JP7A/IT1O5zu2bxeEb9Q0XEafFqaz2doYE0 kFWzf5vtGyZ0MQkS6q5qzWbwo+4aOvZagFSHeBgBzhtu8xidXdTD1F5+s4NzLkh6/O7tDw7X GwJCh6CRerBGz4rkVNT8DKPkMB7R9h/NiIEK6Eko6OJ+ARaJvtrcRtDpjNxrPpl7YbSBJSqP GMOEWduUh8XCRkM0t4f+f7Iyz5Uw+F7LE2GPjU2xC5ERrb2VHNxRsEphCnvhxHGD/cxBch3O eju0oNr3DiJGSff+7wsajtYZ6jNlm5NDgjOoAx5XjOspQ0pjiT7KONpFATRejT4yqDLshHkF H5vOO9xxfu93PeOzVZFZTU6g3PQ0OMvQ+/UqKltJifpTYPUFSM7yDE0LdPNoWlRttmKwI1SP llhgfmm0z2i9QhYo78camqwMvIhs+NKIEZvdKBwyf6fVzWqVfCnvIO5S1zweJcykqS3umc0Q ALxFV57xwf+kHHAXnwNPMp0GkOzFd8PHYoQbKPJxaV2UzCp14WVa0NduPGt2EpTCXXI4e1E1 gDyqtexKaSez2O1tXoPnIGB7CuPkEYpAORnJqa1+0wJSbuY4Pwn6c89TNSMbY7tE0LNDFoSN 4eU1tAgYPLKHx2bL2vToVjqVKYkY/lJiATKJ76CHbpfWj3ULsnw/lE65i2I+qfCU0Uk4MlhN bRgR3BYGbUzDkQPTCgvap7zl/2H1VqoGWLAY1cC80upLtnjaFD+GJlTPexRVQjR3HQmO8Yha q4IyxyUDrX/WFCJQLrJxYo6KWlKRoQyFmqgkI76/bWWso50dpBo+PABez6B1r8ed+9r7pUDm MfF2DmQ4QbqzPE7KoJ57FF2Bn8mRPuuocKqwvAo0w2nCAAxFdNeRo7XOvvNlHcWUjrw1r1Id kSC4VdZRG9+qcQWZ3esTNSTN6dO0Gjt1lK7GOZtZLy7k1Gmw7jcN8Y9pkzPB5m1cminJdnxA HGOfLNV1a0DGOLdTowei8hDgQD5ua+ljgDp2/eSxLVSCsFcBDbemFsljdYFxoxswp4H49TDH ZAWGPXarTCvnpEkGGznHo9Dnr5GUP5fFR/EC1NN+jMPrrh2amdcXY64Djt3xiKb7koLaznZG V7aJalXX2M9zBcRA/h6B1r+/HSjhgkIfqgBdiQRDBBgBCgAmAhsCFiEEkLZqaVu0VX8ijOmJ 5SPyIKyN+9AFAlmaEGYFCQg30qoCEcFFIAQZAQoABgUCVsqEvAAKCRCGRQiwGyZ5z0CMDzsE DH/ugaJAS3Q2UWWYT3yp6U/YbHT/y8I637vZsh1Iu0c8Etri0Z+kOm4bBuyP49x0EfubrpCy /nM6oM1euC2cWppweSZkZsq/ReclbBG+4IqSagX7jaNvMgS1nRNS3VwnWOIyptPeTcoZbomo Cpvd0KSv0KjfIltp7NmuFd5xusorCKUNQ8ouHNxtrfST+wPyE9Tuc7tm8XhG/UNFxGnxams9 naGBNJBVs3+b7RsmdDEJEuquas1m8KPuGjr2WoBUh3gYAc4bbvMYnV3Uw9RefrODcy5Ievzu 7Q8O1xsCQoegkXqwRs+K5FTU/Ayj5DAe0fYfzYiBCuhJKOjifgEWib7a3EbQ6Yzcaz6Ze2G0 gSUqjxjDhFnblIfFwkZDNLeH/n+yMs+VMPheyxNhj41NsQuREa29lRzcUbBKYQp74cRxg/3M QXIdzno7tKDa9w4iRkn3/u8LGo7WGeozZZuTQ4IzqAMeV4zrKUNKY4k+yjjaRQE0Xo0+Mqgy 7IR5BR+bzjvccX7vdz3js1WRWU1OoNz0NDjL0Pv1KipbSYn6U2D1BUjO8gxNC3TzaFpUbbZi sCNUj5ZYYH5ptM9ovUIWKO/HGpqsDLyIbPjSiBGb3SgcMn+n1c1qlXwp7yDuUtc8HiXMpKkt 7gkQ5SPyIKyN+9BgARAAyNUvqysnB3H/9vFAKHzqD1vBWSfTlJMTb5cDjFPFkF3UtYXmlnrw ixEMDRCG7aZYh/ZkEZLHZu+QvffW95RNJKraDRxjkFl+67Vpe5jmvVmwaF/gGcbEdRKs5bxo ugDbDa1eUxjjiZaZFlPGniVpZATH1GBu83JMy3Dywvh/VRv6oLaFJrITzK0Echs/K+QvhhUt VQERuByhIRKJLyzo+knHpyfjhPxKBnRUY6/76sKQgh+FFe4VzlpMpagZ/RayEQfl7GyaRfrz JnfUsdXlxZVzBEzAGPedwScqyYW6V+DItyyngwrxzab9kFnzx6ChaS2b+0MsxcqAignXmkv6 X/k7u533rsQGKmD0E8u1yYHc52hhBIIwbDp5w7JMr6QUVw5MsdZIJ4GXgjoUU6b1cT9KWRhb PkdcSKqVriHtpIy0vSGyfgvMDO47QJS/jNSk5Vi07PSxsXNCWDfjeBJH7zH5E7DpbP0i4HRB iUTJryvztTPlIyvgB1vL1F5t4dAUv+dbl3dsSLwmW/0dGp4FrwLZ+vOKsR8G/uHoUj3kyrQ3 agoZl38l7xhhk2jbwFhc8gKuEEVVOiV3j2y8WpY7CG2pr5InuOK3Wly7Ar8jm0RXVIjYCXtX 5kwLgbyZtpjQ980GRn3BxP3bYWv/stvOk9YwIN1JZJuMpLbJqd2RuQm5Ag0EUm/iWQEQALOz Ju2pTrxRNQyNoR+WyiCAYeqGPG+DHumzWfGBq3E5bnwd3uMgMkFgpxPUu8mkxmJvi/S1mB1N Hd4VjD832vikoSUTjpXy1jWZB9W8ytl+XWi/8QAdy3gpwnHOqk98VfWXvsI55ZCU5mQuCTV5 hEp7prAFuS/qQj+NuSGUsCDREWYmrEQXHW+b1/YE1EsmkQxhp5hQexPhZ3JLb23bwudniAQE GhdLf96Sa8Mvn91tgAs6C71tUBfljuGljqmnx/JTXpWp7RD4uUQ49eqG+5HJi9isIwfglwAJ RRNguXKlVhhNj3MesVuPYdOX3pdrwzDR4o56cUaiRawD5S85vTQRXxaOn3uiKO9CiEdaNhx0 +l4qSN892XPaCSHMtFd53UYZTmk1/TYqpeCXzu/9JDATBDfo3vx88UHuFYuWKrBWXqyf60ZT eOlqN1LQKxSc0gp0svl7rFJlgvjd5C7vTKzQ0Ayf0py/1y81K2AGCYTxeWmvZR1Hls1Zb0r6 ggPlJbn3xf/IjYnYEV6oKih+iD6SLpIKWiLT5opp6KNVtJ3cb8/Gxgp0eLZuK0l/Oy0Ijedo 5AQvUC8o+3OG2AqdIL2a5nMOyauTzqrephh6GOs56TT3pAV5v5M/Jaz1TFOZ8LRzny8W6rOU 4nITmrOIR8v1OKbqEiG91MmDSaSmGyMBABEBAAGJAh8EGAECAAkFAlJv4lkCGwwACgkQ5SPy IKyN+9BDthAAudz3KuR3dGOs2EOhXwcog5RNTRpFKWFBfzjmOJqhWeewoSSqrwFJjSgCx4sf n/E5i4lmRdP+opc70uhmPUrpAdDMc/QA8UFqLVSUmdGVnphuokTZDdear9PzxhdqfY7py0AS JpB7i6VyFTPwKn1DniZz3p73S8AaYzeuMm3agzMKzVX2u87Xjb5lKZXczEQUs5WOamviupkt zFlrCUVePmdGQJ/1XUBpn4Sdxas2TbZfuBlVYW3wQbXPLM3y9iv0GOrge4gRkCo/m/1qyL5W DWjU7HFNBfJgLTSDcWUpPodTXbWwD9WhlllTZThF/f1iDRHV3xXBE6yzSHdlo4+IC45zxpdA r9D2VzCAdwZo0QP86CMiYnXoo8HsXMNH0QAe3RboEo38HS+++CPPk3mMrIqpp7e2JIY7DMBN JbzQHR15Fe7N5RhW4eWf7qgW80A3hAQqwyVfRgg4QEoddnzIXDyttj7Z8ylhhDn8p94lCYy2 sGypGRuN57gAIwYq3H/mod80D4gAe/tdjbwovvXQhd/QvFyRpe+XKzRyb7jC53CdKpgFxezS AY4+fCc8bMQ997W6vvqCDlfHYRweUp10JixYGQYb4ZwvXwgUCzyVcnZwENmIR6VrU8ayeE9M DarRhTFwe8M26sdXpRNfdujow5YS6HoZERH/ePJqv2h1f6w= Organization: SUSE Linux Message-ID: Date: Wed, 6 Feb 2019 11:48:00 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 07 Feb 2019 09:29:54 -0800 X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Feb 2019 11:03:50 -0000 Hello, The releases are signed in a funny way. The .asc file are not detached signatures of the checksum, but actually contain it inside the .asc file. # gpg -v --verify notmuch-0.28.1.tar.gz.sha256.asc ... gpg: binary signature, digest algorithm SHA256, key algorithm rsa3072 gpg: WARNING: not a detached signature; file 'notmuch-0.28.1.tar.gz.sha256' was NOT verified! A much better way of signing this would have been as a detached signature of the tarball itself. Why sign a hash of a hash? ;) # gpg --detach --sign notmuch-0.28.1.tar.gz -> notmuch-0.28.1.tar.gz.sig Then you can verify this is a properly signed binary, # gpg -v --verify notmuch-0.28.1.tar.gz.sig gpg: assuming signed data in 'notmuch-0.28.1.tar.gz' gpg: Signature made Wed 06 Feb 2019 11:37:19 AM CET gpg: using RSA key 4BE7C1D3CC65813AF349D42F864508B01B2679CF gpg: using subkey 864508B01B2679CF instead of primary key E523F220AC8DFBD0 ... gpg: binary signature, digest algorithm SHA512, key algorithm rsa3904 The digest algorithm is from the key preferences, which you can change. You can also specify it as --digest-algo option, if you prefer. Best regards, - Adam PS. I'm not on the list. Please cc me if you would like any response ;)