[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [help-texinfo] PGP signature on the texinfo-6.0.tar.xz file
From: |
Marcin Cieslak |
Subject: |
Re: [help-texinfo] PGP signature on the texinfo-6.0.tar.xz file |
Date: |
Tue, 5 Jan 2016 23:21:05 +0000 |
On Tue, 5 Jan 2016, Karl Berry wrote:
> > I have imported PGP keys of the texinfo maintainers from
> > https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=texinfo
>
> As far as I know, there is no particular guarantee that that list of
> keys is meaningful. Apparently it contains keys of all members of the
> texinfo group (which is quite different than "maintainers") on Savannah
> .. at some random time.
> You can see that Gavin is an administrator of the texinfo group at
> https://savannah.gnu.org/projects/texinfo/, and posted the 6.0
> news announcement there.
Yes, I have noticed it only after posting the group. I have browsed
the archives of help-texinfo and bug-texinfo and didn't find
the release annoucement (I am sure I didn't search hard enough).
> At any rate, The only official source of "who is the maintainer" is
> /gd/gnuorg/maintainers on fencepost.gnu.org (which does list Gavin). I
> know that file is not available from the outside (intentionally -- rms's
> decision many years ago), but still, that is the reality.
>
> Anyway, the answer is yes, it is ok and expected that the release
> tarball is signed by Gavin.
Thanks, normally it is difficult to find a canonical list of the
maintainers' keys of the project, but I thought that savannah list
is my best bet.
Maybe the keys of the maintainers from the /gd/gnuorg/maintainers
could be exported automatically to some keyring? (No idea why
it is so secret).
Alternatively, maybe if the keys were cross-signed among the maintainers...
Gavin's key was pretty fresh, had no signatures and had some fancy
address@hidden
account behind it (apologies to Gavin). So I thought I'd rather ask.
Thank you for your time!
Marcin