GNU bug report logs - #25572
Signatures on Emacs windows .zip files

Previous Next

Package: emacs;

Reported by: Richard Kettlewell <rjk <at> terraraq.uk>

Date: Sun, 29 Jan 2017 17:45:02 UTC

Severity: minor

Merged with 33456

Done: Nicolas Petton <nicolas <at> petton.fr>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Richard Kettlewell <rjk <at> terraraq.uk>
To: 25572 <at> debbugs.gnu.org
Subject: bug#25572: Signatures on Emacs windows .zip files
Date: Sun, 29 Jan 2017 11:48:55 +0000

Hi,

According to https://www.gnu.org/software/emacs/download.html:

    Since the 24.5 release, tarballs are signed with the GPG key from
    Nicolas Petton 7C207910, fingerprint 28D3 BED8 51FD F3AB 57FE
    F93C 2335 87A4 7C20 7910, which can be found in the GNU keyring.

However the windows .zip files on http://ftp.gnu.org/gnu/emacs are
signed with some other key:

$ gpg2 --verify emacs-25.1-2-x86_64-w64-mingw32.zip.sig
gpg: Signature made 11/29/16 19:54:09 GMT Standard Time using DSA key ID
60C3B396
gpg: Good signature from "Phillip Lord <phillip.lord <at> russet.org.uk>"
gpg:                 aka "Phillip Lord <p.lord <at> russet.org.uk>"
gpg:                 aka "Phillip Lord <p.lord <at> hgmp.mrc.ac.uk>"
gpg:                 aka "Phillip Lord <phillip.lord <at> newcastle.ac.uk>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 8352 2404 7598 ECBC 61A1  DA34 5FE9 658D 60C3 B396

ttfn/rjk

This bug report was last modified 6 years and 178 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #25572 Signatures on Emacs windows .zip files

GNU bug report logs - #25572
Signatures on Emacs windows .zip files