[cmucl-help] Re: OpenPGP key 0xB4900DBC
Raymond Toy
toy.raymond at gmail.com
Sun Mar 14 20:02:37 CET 2010
On 3/14/10 10:36 AM, Lasse Kliemann wrote:
> * Message by -Raymond Toy- from Sun 2010-03-14:
>
>> On 3/14/10 7:20 AM, Lasse Kliemann wrote:
>>
>>> * Message by -Raymond Toy- from Sat 2010-03-13:
>>>
>>>
>>>> On 3/13/10 9:17 PM, Lasse Kliemann wrote:
>>>>
>>>>
>>>>> Can someone please point me to OpenPGP key 0xB4900DBC?
>>>>>
>>>>> It was used to sign the 20a release, but I haven't found it
>>>>> anywhere. It seems to be on no keyserver.
>>>>>
>>>>>
>>>>>
>>>> Is this for the FreeBSD binaries?
>>>>
>>>>
>>> It is (at least) for Linux and Solaris binaries and for the
>>> source code, i.e., these files:
>>>
>>> cmucl-20a-x86-linux.tar.bz2
>>> cmucl-20a-sparcv9-solaris8.tar.bz2
>>> cmucl-src-20a.tar.bz2
>>>
>>>
>> Hmm. I made those binaries. I guess I never uploaded the key anywhere,
>> and, unfortunately, I no longer have access to the machine that I used
>> to sign these. I thought I saved those keys to my current machine but
>> it seems that I didn't.
>>
> Now you know that I'm the only user that cares about signatures. :-)
>
Well, if we didn't care, we wouldn't have signed them. :-) But it's my
fault for not copying my keys to another machine.
>> If you are concerned about these, I can generate new binaries and
>> signatures for these files. It will take some time to do, though.
>>
> So you don't have "master copies" of those files around? We could
> just compare checksums then:
>
> e88dd79bdecf17c2670f5b7aa430cc0414acfde2 cmucl-20a-sparcv9-solaris8.tar.bz2
> f9b3141f9298abe1f69cbb88938ff96a12445eb6 cmucl-20a-x86-linux.tar.bz2
> 4381905b212678f7953920abb49bf24e822d1ace cmucl-src-20a.tar.bz2
>
Since I don't have access to the machines that built the sparc and linux
binaries, I don't have master copies anymore. I do have a master copy
of all the Mac OS X builds, though.
What method did you use to compute the checksums? I downloaded
cmucl-src-20a.tar.bz2 and the md5 sum is
e3e1daa3631d38ed3c3e7601d798aba1.
If you don't necessarily need the 20a release, could you try the 2010-03
(or 02) snapshot? I have master copies of those binaries.
> Otherwise, if you say that you don't see any indication that
> those files have been manipulated, that would suffice as well.
>
>
I can't guarantee they haven't been changed. The snapshots after
2009-12 should match what I built since I uploaded those from the
machines I have access to. I haven't verified the signatures, though.
Ray
More information about the cmucl-help
mailing list