[bug#29540] [PATCH] gnu: spice: Update to 0.14.0.

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#29540] [PATCH] gnu: spice: Update to 0.14.0.

From:	Ricardo Wurmus
Subject:	[bug#29540] [PATCH] gnu: spice: Update to 0.14.0.
Date:	Sun, 03 Dec 2017 23:45:51 +0100
User-agent:	mu4e 0.9.18; emacs 25.3.1

Andy Patterson <address@hidden> writes:

>> $ gpg --verify
>> spice-0.14.0.tar.bz2.sign gpg: assuming signed data in
>> 'spice-0.14.0.tar.bz2' gpg: Signature made Wed 11 Oct 2017 07:33:58
>> AM EDT gpg:                using RSA key
>> 94A9F75661F77A6168649B23A9D8C21429AC6C82 gpg: Good signature from
>> "Christophe Fergeau (teuf) <address@hidden>" [unknown]
>> gpg:                 aka "Christophe Fergeau
>> <address@hidden>" [unknown] gpg:                 aka "Christophe
>> Fergeau <address@hidden>" [unknown] gpg:                 aka
>> "Christophe Fergeau <address@hidden>" [unknown] gpg: WARNING:
>> This key is not certified with a trusted signature! gpg:
>> There is no indication that the signature belongs to the owner.
>> Primary key fingerprint: 94A9 F756 61F7 7A61 6864  9B23 A9D8 C214
>> 29AC 6C82 ------
>>
>
> Ooh, thanks.
>
>> We can be reasonably sure that someone with that private key signed
>> the tarball. Now, is it the right key? Hopefully the upstream
>> documentation says which keys are considered "authorized" to sign
>> Spice releases.
>
> I didn't find anything. *shrugs*

Here’s the release announcement:

   
https://lists.freedesktop.org/archives/spice-announce/2017-October/000061.html

It is a signed message by Christophe Fergeau, but I haven’t been able to
verify the signature.  The message could have been mangled by the
mailing list.

According to https://cgit.freedesktop.org/spice/spice/log/NEWS
Christophe Fergeau has handled the previous release as well, and the
same person is listed as the current maintainer.  The “v0.14.0” tag is
signed with the same key:

--8<---------------cut here---------------start------------->8---
git verify-tag v0.14.0
gpg: Signature made Wed 11 Oct 2017 10:36:45 AM CEST
gpg:                using RSA key A9D8C21429AC6C82
gpg: Good signature from "Christophe Fergeau (teuf) <address@hidden>" [unknown]
gpg:                 aka "Christophe Fergeau <address@hidden>" [unknown]
gpg:                 aka "Christophe Fergeau <address@hidden>" [unknown]
gpg:                 aka "Christophe Fergeau <address@hidden>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 94A9 F756 61F7 7A61 6864  9B23 A9D8 C214 29AC 6C82
--8<---------------cut here---------------end--------------->8---


--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#29540] [PATCH] gnu: spice: Update to 0.14.0., Andy Patterson, 2017/12/02
- [bug#29540] [PATCH] gnu: spice: Update to 0.14.0., Leo Famulari, 2017/12/02
  - [bug#29540] [PATCH] gnu: spice: Update to 0.14.0., Andy Patterson, 2017/12/03
    - [bug#29540] [PATCH] gnu: spice: Update to 0.14.0., Ricardo Wurmus <=
    - [bug#29540] [PATCH] gnu: spice: Update to 0.14.0., Leo Famulari, 2017/12/04
- bug#29540: [PATCH] gnu: spice: Update to 0.14.0., Leo Famulari, 2017/12/04

Prev by Date: [bug#29547] [PATCH] gnu: readline: Update to 7.0.3.
Next by Date: bug#29534: [PATCH] gnu: you-get: Update to 0.4.990.
Previous by thread: [bug#29540] [PATCH] gnu: spice: Update to 0.14.0.
Next by thread: [bug#29540] [PATCH] gnu: spice: Update to 0.14.0.
Index(es):
- Date
- Thread