[cmucl-help] Re: OpenPGP key 0xB4900DBC
lasse-list-cmucl-help-2010 at mail.plastictree.net
Sun Mar 14 15:36:03 CET 2010
* Message by -Raymond Toy- from Sun 2010-03-14:
> On 3/14/10 7:20 AM, Lasse Kliemann wrote:
> > * Message by -Raymond Toy- from Sat 2010-03-13:
> >> On 3/13/10 9:17 PM, Lasse Kliemann wrote:
> >>> Can someone please point me to OpenPGP key 0xB4900DBC?
> >>> It was used to sign the 20a release, but I haven't found it
> >>> anywhere. It seems to be on no keyserver.
> >> Is this for the FreeBSD binaries?
> > It is (at least) for Linux and Solaris binaries and for the
> > source code, i.e., these files:
> > cmucl-20a-x86-linux.tar.bz2
> > cmucl-20a-sparcv9-solaris8.tar.bz2
> > cmucl-src-20a.tar.bz2
> Hmm. I made those binaries. I guess I never uploaded the key anywhere,
> and, unfortunately, I no longer have access to the machine that I used
> to sign these. I thought I saved those keys to my current machine but
> it seems that I didn't.
Now you know that I'm the only user that cares about signatures. :-)
I know that it's an "approximate security" thing anyway. But at
least I can gain statements like: "Release n was signed by the
same authority that signed release n-1, and release n-1 did not
look manipulated to me after using it for some time."
> If you are concerned about these, I can generate new binaries and
> signatures for these files. It will take some time to do, though.
So you don't have "master copies" of those files around? We could
just compare checksums then:
Otherwise, if you say that you don't see any indication that
those files have been manipulated, that would suffice as well.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 835 bytes
Desc: not available
More information about the cmucl-help