Guido, On Thu, Apr 11, 2019 at 11:10 AM Guido Günther <agx@xxxxxxxxxxx> wrote: > > Hi, > Older libosinfo releases were signed with Daniel's key: > > $ gpg --verify libosinfo_1.2.0.orig.tar.gz.asc > gpg: assuming signed data in 'libosinfo_1.2.0.orig.tar.gz' > gpg: Signature made Mi 20 Jun 2018 11:46:42 CEST > gpg: using RSA key 0xBE86EBB415104FDF > gpg: Good signature from "Daniel P. Berrange <dan@xxxxxxxxxxxx>" [unknown] > gpg: aka "Daniel P. Berrange <berrange@xxxxxxxxxx>" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF > > And this key can be found on keyservers > > https://pgp.surfnet.nl/pks/lookup?search=0xBE86EBB415104FDF&fingerprint=on&op=index > > 1.4.0 seems to use a different key > > $ gpg --verify libosinfo-1.4.0.tar.gz.asc > gpg: assuming signed data in 'libosinfo-1.4.0.tar.gz' > gpg: Signature made Fr 01 Mär 2019 17:01:14 CET > gpg: using RSA key 09B9C8FF223EF113AFA06A39EE926C2BDACC177B > gpg: Can't check signature: No public key > > However i can't find that key on keyservers nor mentioned on > https://libosinfo.org/ nor at https://releases.pagure.org/libosinfo/. > > Can you point me to the signing key? Hmm. That's my fault. I've added the whole fingerprint, while I should have just added 0xDACC177B Note taken for the next release. Here's the link for the key: http://hkps.pool.sks-keyservers.net/pks/lookup?search=0xDACC177B&fingerprint=on&op=index Best Regards, -- Fabiano Fidêncio _______________________________________________ Libosinfo mailing list Libosinfo@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libosinfo
