Re: [Exim] Public key for signed tarballs?

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Jim Knoble
Data:  
Para: Exim Users Mailing List
Assunto: Re: [Exim] Public key for signed tarballs?
Circa 2002-12-19 10:31:51 -0500 dixit John Dalbec:

: I noticed that the exim-4.12 tarballs have been signed. Whose public
: key was used and where do I get it?
: Thanks,
: John Dalbec

These are the keys i have listed for Philip:

  $ gpg --list-keys --fingerprint --verbose 'Philip Hazel'
  pub  2048R/FB0F43D8 2002-10-21 Philip Hazel <ph10@???>
       Key fingerprint = 45F6 8D54 BBE2 3FB3 039B  46E5 9766 E084 FB0F 43D8
  sig        FB0F43D8 2002-10-21  Philip Hazel <ph10@???>
  sig        84C71B6E 2002-10-31  Tony Finch <dot@???>
  sub  2048R/ECFA4A69 2002-10-21
  sig        FB0F43D8 2002-10-21  Philip Hazel <ph10@???>


$

One of the key IDs corresponds to the one Philip announced at the end
of October:

: From: Philip Hazel <ph10@???>
: To: exim-users@???
: Message-ID: <Pine.SOL.4.44.0210311246400.18005-100000@???>
: Subject: [Exim] Snapshot for GnuTLS testing
: Date: Thu, 31 Oct 2002 12:48:37 +0000 (GMT)
:
: [...]
: I have now equipped myself with GnuPG, and so I have signed the
: snapshot. I would like people to confirm whether I have done this
: correctly. You won't be able to trust the signature because my key
: has not been signed by anybody else, though I can offer (below) a
: signed letter from Ross Anderson, confirming that my GPG key
: fingerprint is as follows:
:
: pub  2048R/FB0F43D8 2002-10-21 Philip Hazel <ph10@???>
:      Key fingerprint = 45F6 8D54 BBE2 3FB3 039B  46E5 9766 E084 FB0F 43D8
:      uid                       Philip Hazel <ph10@???>


The weird thing is that it was listed on the keyserver under a
different ID. Perhaps the keyservers don't grok 2048-bit RSA keys
properly?

--
jim knoble | jmknoble@??? | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
"I am non-refutable." --Enik the Altrusian