[cmucl-help] Re: OpenPGP key 0xB4900DBC
Raymond Toy
toy.raymond at gmail.com
Mon Mar 15 14:54:00 CET 2010
On 3/14/10 3:35 PM, Lasse Kliemann wrote:
> * Message by -Raymond Toy- from Sun 2010-03-14:
>
>
> I meant only users, not developers. Of course you care. But these
> tarballs have been online for months and obviously I am the first
> user to notice that their signatures cannot be verified.
>
I confess that I rarely, if ever, very the signatures of tarballs that I
download.
> Yes, I can try the snapshot. I did so yesterday night, but could
> also not download one of the keys used to sign them. Today it
> works. I've got the files (SHA1 again):
>
I uploaded my key to subkeys.pgp.net late yesterday.
> da85bd1b4390a913075c9213e6ac237b40496de1 cmucl-2010-03-sparcv9-solaris10.tar.bz2
> 3bdc7debb828b3bcf4639976e6de72ece85d6437 cmucl-2010-03-x86-linux.tar.bz2
> 71ee45f7ae248ec1aa9e387f1f9cf2ef7022719c cmucl-src-2010-03.tar.bz2
>
Those match what I get on my master copies.
> They have good signatures made with keys
>
> 1D48 9A97 8199 21A0 97EE 297D 2792 2352 6819 3BB2
>
> and
>
> 0EF5 0ED5 5514 BFF6 B72B 9DAC 06CE 3819 086C 750B
>
I wonder why there were two keys used? I think I need to be consistent
and sign the tarballs all on one machine (or copy my keys to the
appropriate machines).
Thanks for testing these!
Ray
More information about the cmucl-help
mailing list