[cmucl-help] Re: OpenPGP key 0xB4900DBC

Lasse Kliemann lasse-list-cmucl-help-2010 at mail.plastictree.net
Sun Mar 14 15:36:03 CET 2010 

* Message by -Raymond Toy- from Sun 2010-03-14:
> On 3/14/10 7:20 AM, Lasse Kliemann wrote:
> > * Message by -Raymond Toy- from Sat 2010-03-13:
> >   
> >> On 3/13/10 9:17 PM, Lasse Kliemann wrote:
> >>     
> >>> Can someone please point me to OpenPGP key 0xB4900DBC? 
> >>>
> >>> It was used to sign the 20a release, but I haven't found it 
> >>> anywhere. It seems to be on no keyserver.
> >>>   
> >>>       
> >> Is this for the FreeBSD binaries?
> >>     
> > It is (at least) for Linux and Solaris binaries and for the 
> > source code, i.e., these files:
> >
> > cmucl-20a-x86-linux.tar.bz2
> > cmucl-20a-sparcv9-solaris8.tar.bz2
> > cmucl-src-20a.tar.bz2
> >   
> Hmm.  I made those binaries.  I guess I never uploaded the key anywhere,
> and, unfortunately, I no longer have access to the machine that I used
> to sign these.  I thought I saved those keys to my current machine but
> it seems that I didn't.

Now you know that I'm the only user that cares about signatures. :-)

I know that it's an "approximate security" thing anyway. But at 
least I can gain statements like: "Release n was signed by the 
same authority that signed release n-1, and release n-1 did not 
look manipulated to me after using it for some time."

> If you are concerned about these, I can generate new binaries and
> signatures for these files.  It will take some time to do, though.

So you don't have "master copies" of those files around? We could 
just compare checksums then:

e88dd79bdecf17c2670f5b7aa430cc0414acfde2  cmucl-20a-sparcv9-solaris8.tar.bz2
f9b3141f9298abe1f69cbb88938ff96a12445eb6  cmucl-20a-x86-linux.tar.bz2
4381905b212678f7953920abb49bf24e822d1ace  cmucl-src-20a.tar.bz2

Otherwise, if you say that you don't see any indication that 
those files have been manipulated, that would suffice as well.

Thank you!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.zs64.net/mailman-archive/cmucl-help/attachments/20100314/58ce3102/attachment.bin>

More information about the cmucl-help mailing list