[cmucl-help] Re: OpenPGP key 0xB4900DBC

Raymond Toy toy.raymond at gmail.com
Sun Mar 14 20:02:37 CET 2010 

On 3/14/10 10:36 AM, Lasse Kliemann wrote:
> * Message by -Raymond Toy- from Sun 2010-03-14:
>   
>> On 3/14/10 7:20 AM, Lasse Kliemann wrote:
>>     
>>> * Message by -Raymond Toy- from Sat 2010-03-13:
>>>   
>>>       
>>>> On 3/13/10 9:17 PM, Lasse Kliemann wrote:
>>>>     
>>>>         
>>>>> Can someone please point me to OpenPGP key 0xB4900DBC? 
>>>>>
>>>>> It was used to sign the 20a release, but I haven't found it 
>>>>> anywhere. It seems to be on no keyserver.
>>>>>   
>>>>>       
>>>>>           
>>>> Is this for the FreeBSD binaries?
>>>>     
>>>>         
>>> It is (at least) for Linux and Solaris binaries and for the 
>>> source code, i.e., these files:
>>>
>>> cmucl-20a-x86-linux.tar.bz2
>>> cmucl-20a-sparcv9-solaris8.tar.bz2
>>> cmucl-src-20a.tar.bz2
>>>   
>>>       
>> Hmm.  I made those binaries.  I guess I never uploaded the key anywhere,
>> and, unfortunately, I no longer have access to the machine that I used
>> to sign these.  I thought I saved those keys to my current machine but
>> it seems that I didn't.
>>     
> Now you know that I'm the only user that cares about signatures. :-)
>   
Well, if we didn't care, we wouldn't have signed them. :-)  But it's my
fault for not copying my keys to another machine.

>> If you are concerned about these, I can generate new binaries and
>> signatures for these files.  It will take some time to do, though.
>>     
> So you don't have "master copies" of those files around? We could 
> just compare checksums then:
>
> e88dd79bdecf17c2670f5b7aa430cc0414acfde2  cmucl-20a-sparcv9-solaris8.tar.bz2
> f9b3141f9298abe1f69cbb88938ff96a12445eb6  cmucl-20a-x86-linux.tar.bz2
> 4381905b212678f7953920abb49bf24e822d1ace  cmucl-src-20a.tar.bz2
>   

Since I don't have access to the machines that built the sparc and linux
binaries, I don't have master copies anymore.   I do have a master copy
of all the Mac OS X builds, though.

What method did you use to compute the checksums?  I downloaded
cmucl-src-20a.tar.bz2 and the md5 sum is
e3e1daa3631d38ed3c3e7601d798aba1.

If you don't necessarily need the 20a release, could you try the 2010-03
(or 02) snapshot?  I have master copies of those binaries.


> Otherwise, if you say that you don't see any indication that 
> those files have been manipulated, that would suffice as well.
>
>   
I can't guarantee they haven't been changed.  The snapshots after
2009-12 should match what I built since I uploaded those from the
machines I have access to.  I haven't verified the signatures, though.

Ray

More information about the cmucl-help mailing list