On a Thursday in 2021, Jiri Denemark wrote:
While the key is available on public GPG key servers, having it locally at https://libvirt.org/sources/gpg_key.asc is even better.
I don't remember where but I think someone was trying to find the key used to sign libvirt-glib. Also, Pavel uses his key to sign libvirt-dbus releases. We could reflect that in the naming scheme to put their keys there too. Or put all the keys in gpg_keys.asc, like GnuPG does: https://gnupg.org/signature_key.html I also noticed that we have empty folders there (csharp, go, ruby, rust) and that the 'old' release folder was not "updated" in a while.
Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx>
---
docs/downloads.html.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/downloads.html.in b/docs/downloads.html.in
index ca14b3ecba..90a0cf7717 100644
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -608,7 +608,9 @@ git clone git://libvirt.org/[module name].git</pre>
on this project site are signed with a GPG signature. You should always
verify the package signature before using the source to compile binary
packages. The following key is currently used to generate the GPG
- signatures:
+ signatures and it can be
+ <a href="https://libvirt.org/sources/gpg_key.asc";>downloaded</a> from this
+ site or from public GPG key servers:
Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx> Jano
</p>
<pre>
pub 4096R/10084C9C 2020-07-20 Jiří Denemark <jdenemar@xxxxxxxxxx>
--
2.31.1
Attachment:
signature.asc
Description: PGP signature
