GNU bug report logs - #20788
24.4; Nicolas Petton's key not included in GNU keyring

Previous Next

Full log

View this message in rfc822 format

From: Nicolas Petton <nicolas <at> petton.fr>
To: "William G. Gardella" <wgg2 <at> member.fsf.org>
Cc: Glenn Morris <rgm <at> gnu.org>, 20788 <at> debbugs.gnu.org
Subject: bug#20788: 24.4; Nicolas Petton's key not included in GNU keyring
Date: Fri, 12 Jun 2015 01:14:49 +0200

[Message part 1 (text/plain, inline)]

William G. Gardella writes:

> Glenn Morris <rgm <at> gnu.org> writes:
>
>> This is a duplicate of http://debbugs.gnu.org/20298.
>>
>> I repeat my comment from http://debbugs.gnu.org/20298#23:
>
> Sorry for duplicating the issue; I should have checked
> for the existing open bug.
>
>> Nobody here can do anything about this, it's a GNU sysadmin issue.
>> It's been reported to them, nothing seems to have happened.
>>
>> If you want to verify the signature, the key is available from standard
>> keyservers, eg pgp.mit.edu. I don't see the value of a keyring that is
>> stored on the same ftp server as the file you want to download.
>
> I disagree that it's of no value; anybody can upload any key to any
> keyserver, but the GNU keyring can be obtained from an HTTPS server with
> a certificate signed by Gandi according to their policies, which,
> while not great, are at least better than the nonexistent verification
> provided by a keyserver.
>
> I will send the report to sysadmin, as apparently no action has been taken
> since late April, when Nicolas's key was supposedly uploaded.

I reported the issue to them several times.  I've been told to just wait
for them to fix it.  I'm waiting.

Nico

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.