GNU bug report logs - #20788
24.4; Nicolas Petton's key not included in GNU keyring

Previous Next

Package: emacs;

Reported by: William G. Gardella <wgg2 <at> member.fsf.org>

Date: Thu, 11 Jun 2015 21:12:02 UTC

Severity: normal

Tags: fixed

Merged with 20298

Found in version 24.4

Done: npostavs <at> users.sourceforge.net

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: William G. Gardella <wgg2 <at> member.fsf.org>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 20788 <at> debbugs.gnu.org
Subject: bug#20788: 24.4; Nicolas Petton's key not included in GNU keyring
Date: Thu, 11 Jun 2015 21:50:32 +0000

Glenn Morris <rgm <at> gnu.org> writes:

> This is a duplicate of http://debbugs.gnu.org/20298.
>
> I repeat my comment from http://debbugs.gnu.org/20298#23:

Sorry for duplicating the issue; I should have checked
for the existing open bug.

> Nobody here can do anything about this, it's a GNU sysadmin issue.
> It's been reported to them, nothing seems to have happened.
>
> If you want to verify the signature, the key is available from standard
> keyservers, eg pgp.mit.edu. I don't see the value of a keyring that is
> stored on the same ftp server as the file you want to download.

I disagree that it's of no value; anybody can upload any key to any
keyserver, but the GNU keyring can be obtained from an HTTPS server with
a certificate signed by Gandi according to their policies, which,
while not great, are at least better than the nonexistent verification
provided by a keyserver.

I will send the report to sysadmin, as apparently no action has been taken
since late April, when Nicolas's key was supposedly uploaded.
This bug report was last modified 8 years and 288 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.