[Libosinfo] libosinfo signatures

Fabiano Fidêncio fidencio at redhat.com
Thu Apr 11 09:39:51 UTC 2019


Guido,

On Thu, Apr 11, 2019 at 11:10 AM Guido Günther <agx at sigxcpu.org> wrote:
>
> Hi,
> Older libosinfo releases were signed with Daniel's key:
>
> $ gpg --verify libosinfo_1.2.0.orig.tar.gz.asc
> gpg: assuming signed data in 'libosinfo_1.2.0.orig.tar.gz'
> gpg: Signature made Mi 20 Jun 2018 11:46:42 CEST
> gpg:                using RSA key 0xBE86EBB415104FDF
> gpg: Good signature from "Daniel P. Berrange <dan at berrange.com>" [unknown]
> gpg:                 aka "Daniel P. Berrange <berrange at redhat.com>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF
>
> And this key can be found on keyservers
>
>     https://pgp.surfnet.nl/pks/lookup?search=0xBE86EBB415104FDF&fingerprint=on&op=index
>
> 1.4.0 seems to use a different key
>
> $ gpg --verify libosinfo-1.4.0.tar.gz.asc
> gpg: assuming signed data in 'libosinfo-1.4.0.tar.gz'
> gpg: Signature made Fr 01 Mär 2019 17:01:14 CET
> gpg:                using RSA key 09B9C8FF223EF113AFA06A39EE926C2BDACC177B
> gpg: Can't check signature: No public key
>
> However i can't find that key on keyservers nor mentioned on
> https://libosinfo.org/ nor at https://releases.pagure.org/libosinfo/.
>
> Can you point me to the signing key?

Hmm. That's my fault.
I've added the whole fingerprint, while I should have just added 0xDACC177B
Note taken for the next release.

Here's the link for the key:
http://hkps.pool.sks-keyservers.net/pks/lookup?search=0xDACC177B&fingerprint=on&op=index

Best Regards,
-- 
Fabiano Fidêncio




More information about the Libosinfo mailing list