() Zack Weinberg <zackw@xxxxxxxxx>
() Sun, 4 Oct 2020 12:25:19 -0400
Key BF156B83E4D5AD06AF3A0C2C384F8E68AC65B0D5 is exclusively used for
signing Git commit records. [...]
I uploaded those keys to the keyservers as well, so that people could
easily validate the signatures on my commit records, but I thought I
had arranged things so that they wouldn't take precedence over ...AA64
in searches by email address. It seems I was wrong:
$ gpg --auto-key-locate keyserver --locate-keys zackw@xxxxxxxxx
pub ed25519 2018-07-23 [SC]
BF156B83E4D5AD06AF3A0C2C384F8E68AC65B0D5
uid [ full ] Zack Weinberg (code signing / moxana) <zackw@xxxxxxxxx>
I presume this is how Thien-Thi got the wrong key.
I followed the instructions in the release notice, which
mentions BF156B83E4D5AD06AF3A0C2C384F8E68AC65B0D5 by a shorter
name:
> If that command fails because you don't have the required
> public key, then run this command to import it:
>
> gpg --keyserver keys.gnupg.net --recv-keys 384F8E68AC65B0D5
Probably it would suffice to followup on that thread, naming the
desired key (short or full) to be downloaded, for others to see.
--
Thien-Thi Nguyen
Attachment:
signature.asc
Description: PGP signature
