bug#42852: sig keys?

bug-gnuzilla

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#42852: sig keys?

From:	Amin Bandali
Subject:	bug#42852: sig keys?
Date:	Fri, 14 Aug 2020 12:17:12 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)

Hello,

al3xu5 / dotcommon writes:

> Hi
>
> I have dowloaded the latest 60.7.0 sources, and its .sig file.
>
> When checking the signature I have:
> ~~~
> $ gpg --verify icecat-60.7.0-gnu1.tar.bz2.sig 
> gpg: assuming signed data in 'icecat-60.7.0-gnu1.tar.bz2'
> gpg: Signature made dom 02 giu 2019 22:43:25 CEST
> gpg:                using RSA key D7BEFC2F89D03EFC
> gpg: Cannot verify signature: No public key
> ~~~
>
> I suppose the sources were signed using a different key than that for
> previous version...
>
> But I cannot find any reference about this in the usual places:
> https://www.gnu.org/software/gnuzilla/
> https://ftp.gnu.org/gnu/gnuzilla/60.7.0/
> https://git.savannah.gnu.org/cgit/gnuzilla.git
> https://libreplanet.org/wiki/Group:IceCat/
>
> Please anyone could help?
> Thanks in advance.
>
>
> al3xu5

The tarball was signed using Rubén's (currently-expired) key, available
from his Savannah profile [0], and the GNU maintainers keyring [1].

Since the key and its subkeys are currently expired, you need to specify
the `show-unusable-subkeys' list option in order for gpg to show the
subkeys, including the signing subkey (denoted with [S]), as shown
below.

[0]: https://savannah.gnu.org/users/rubenquidam
[1]: https://ftp.gnu.org/gnu/gnu-keyring.gpg

,----
| $  gpg  --list-key --with-subkey-fingerprints \
|         --list-options show-unusable-subkeys  \
|         318C679D94F17700CC847DE646A70073E4E50D4E
| pub   rsa4096 2019-04-24 [C]
|       318C679D94F17700CC847DE646A70073E4E50D4E
| uid           [ unknown] Ruben Rodriguez Perez <ruben@fsf.org>
| uid           [ unknown] Ruben Rodriguez Perez <ruben@gnu.org>
| uid           [ unknown] Ruben Rodriguez Perez <ruben@trisquel.info>
| sub   rsa2048 2019-04-24 [S] [expired: 2020-04-23]
|       B237DFE8B602BC8D82D9E37ED7BEFC2F89D03EFC
| sub   rsa2048 2019-04-24 [E] [expired: 2020-04-23]
|       33D7C377333450EAA52D7707A6F017388D77A61A
| sub   rsa4096 2019-04-24 [A] [expired: 2020-04-23]
|       D7414716066071449F4C863F12AEEEEFA5742C50
|
| $ gpg --verify icecat-60.7.0-gnu1.tar.bz2.sig
| gpg: assuming signed data in 'icecat-60.7.0-gnu1.tar.bz2'
| gpg: Signature made Sun 02 Jun 2019 04:43:25 PM EDT
| gpg:                using RSA key D7BEFC2F89D03EFC
| gpg: Good signature from "Ruben Rodriguez Perez <ruben@fsf.org>" [unknown]
| gpg:                 aka "Ruben Rodriguez Perez <ruben@gnu.org>" [unknown]
| gpg:                 aka "Ruben Rodriguez Perez <ruben@trisquel.info>" 
[unknown]
| gpg: Note: This key has expired!
| Primary key fingerprint: 318C 679D 94F1 7700 CC84  7DE6 46A7 0073 E4E5 0D4E
|      Subkey fingerprint: B237 DFE8 B602 BC8D 82D9  E37E D7BE FC2F 89D0 3EFC
`----

Hope this helps.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#42852: sig keys?, al3xu5 / dotcommon, 2020/08/13
- bug#42852: sig keys?, Amin Bandali <=

Prev by Date: bug#42852: sig keys?
Previous by thread: bug#42852: sig keys?
Index(es):
- Date
- Thread