GNU bug report logs - #25572
Signatures on Emacs windows .zip files

Previous Next

Full log

View this message in rfc822 format

From: "Phillip Lord" <phillip.lord <at> russet.org.uk>
To: "Richard Kettlewell" <rjk <at> terraraq.uk>
Cc: 25572 <at> debbugs.gnu.org
Subject: bug#25572: Signatures on Emacs windows .zip files
Date: Sun, 29 Jan 2017 20:56:06 -0000

On Sun, January 29, 2017 11:48 am, Richard Kettlewell wrote:
> According to https://www.gnu.org/software/emacs/download.html:
>
>
> Since the 24.5 release, tarballs are signed with the GPG key from
> Nicolas Petton 7C207910, fingerprint 28D3 BED8 51FD F3AB 57FE
> F93C 2335 87A4 7C20 7910, which can be found in the GNU keyring.
>
>
> However the windows .zip files on http://ftp.gnu.org/gnu/emacs are
> signed with some other key:
>
> $ gpg2 --verify emacs-25.1-2-x86_64-w64-mingw32.zip.sig
> gpg: Signature made 11/29/16 19:54:09 GMT Standard Time using DSA key ID
> 60C3B396
> gpg: Good signature from "Phillip Lord <phillip.lord <at> russet.org.uk>"
> gpg:                 aka "Phillip Lord <p.lord <at> russet.org.uk>"
> gpg:                 aka "Phillip Lord <p.lord <at> hgmp.mrc.ac.uk>"
> gpg:                 aka "Phillip Lord <phillip.lord <at> newcastle.ac.uk>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner. Primary key fingerprint: 8352 2404 7598 ECBC 61A1  DA34 5FE9 658D
> 60C3 B396


Thanks for pointing this out. The key is mine. I didn't know about that
statement on the website, and you are correct that it is rather
asymmetric.

I need to update the key anyway, and will get the website updated after that.

Phil

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.