----- "Olly Betts" <olly@xxxxxxxxxx> wrote: > > gpg --keyserver keys.gnupg.net --recv-keys 2527436A > > Hi Eric, > > While your announcement was signed with a key with that fingerprint, > the > tarball I downloaded was signed with a key with fingerprint F4850180: > > http://ftpmirror.gnu.org/autoconf/autoconf-2.66.tar.bz2 > > 2527436A and F4850180 seem to be cross-signed, which makes foul play > an > unlikely explanation (it looks like F4850180 is an old SHA1 key you > are > in the process of replacing), You are correct - my new key is not yet integrated into the upload process, so I had to fall back to my old key at the last minute (after my announcement email had already been composed). The v2.66 tag in autoconf.git, however, is signed by the new key, and I will be fixing things so that 2.67 will be correctly signed by the new key all around (and given the nature of the regressions in 2.66, it looks like 2.67 is due within a month or so). -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org _______________________________________________ Autoconf mailing list Autoconf@xxxxxxx http://lists.gnu.org/mailman/listinfo/autoconf
