help-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Public key for verifying emacs sources?

From: Eli Zaretskii
Subject: Re: Public key for verifying emacs sources?
Date: Sun, 18 Jul 2021 15:05:03 +0300 
> Date: Sun, 18 Jul 2021 14:38:07 +0300
> From: Jean Louis <bugs@gnu.support>
> Cc: help-gnu-emacs@gnu.org
> 
> * Eli Zaretskii <eliz@gnu.org> [2021-07-18 10:02]:
> > > Date: Sat, 17 Jul 2021 21:44:31 -0400
> > > From: Steve Revilak <steve@srevilak.net>
> > > 
> > > Where can I find a copy of the signing key, so I can verify the source
> > > distribution I've downloaded?
> > 
> > Download the latest gnu-keyring.gpg from
> > https://ftp.gnu.org/gnu/gnu-keyring.gpg, then type:
> > 
> >    gpg --import gnu-keyring.gpg
> > 
> > Then try verifying the signature again.
> 
> Me too, I have done the import and I see large number of keys. While
> it is good that keys are distributed from official GNU.org server,
> there is no published assurance that GNU project verified each key to
> belong to the person it should belong. Thus one shall not forget
> security depends on the weakest part.

Please take this up with the GNU FTP site maintainers.  I didn't
upload my key to any place, I sent them my key and asked for upload
rights.  I don't know what they did with the key.

This issue doesn't belong on this forum anyway.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]