GNU bug report logs - #33456
Signatures of Windows downloads

Previous Next

Package: emacs;

Reported by: "Benjamin Kästner" <benjamin.kaestner <at> googlemail.com>

Date: Wed, 21 Nov 2018 18:09:01 UTC

Severity: minor

Merged with 25572

Done: Nicolas Petton <nicolas <at> petton.fr>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Nicolas Petton <nicolas <at> petton.fr>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#25572: closed (Signatures on Emacs windows .zip files)
Date: Fri, 23 Nov 2018 10:19:03 +0000

[Message part 1 (text/plain, inline)]
Your message dated Fri, 23 Nov 2018 11:18:00 +0100
with message-id <874lc885d3.fsf <at> petton.fr>
and subject line Re: Status: Signatures of Windows downloads
has caused the debbugs.gnu.org bug report #33456,
regarding Signatures on Emacs windows .zip files
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
33456: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=33456
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Richard Kettlewell <rjk <at> terraraq.uk>
To: bug-gnu-emacs <at> gnu.org
Subject: Signatures on Emacs windows .zip files
Date: Sun, 29 Jan 2017 11:48:55 +0000

Hi,

According to https://www.gnu.org/software/emacs/download.html:

    Since the 24.5 release, tarballs are signed with the GPG key from
    Nicolas Petton 7C207910, fingerprint 28D3 BED8 51FD F3AB 57FE
    F93C 2335 87A4 7C20 7910, which can be found in the GNU keyring.

However the windows .zip files on http://ftp.gnu.org/gnu/emacs are
signed with some other key:

$ gpg2 --verify emacs-25.1-2-x86_64-w64-mingw32.zip.sig
gpg: Signature made 11/29/16 19:54:09 GMT Standard Time using DSA key ID
60C3B396
gpg: Good signature from "Phillip Lord <phillip.lord <at> russet.org.uk>"
gpg:                 aka "Phillip Lord <p.lord <at> russet.org.uk>"
gpg:                 aka "Phillip Lord <p.lord <at> hgmp.mrc.ac.uk>"
gpg:                 aka "Phillip Lord <phillip.lord <at> newcastle.ac.uk>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 8352 2404 7598 ECBC 61A1  DA34 5FE9 658D 60C3 B396

ttfn/rjk



[Message part 3 (message/rfc822, inline)]
From: Nicolas Petton <nicolas <at> petton.fr>
To: bug#33456 <33456 <at> debbugs.gnu.org>
Cc: 33456-done <at> debbugs.gnu.org
Subject: Re: Status: Signatures of Windows downloads
Date: Fri, 23 Nov 2018 11:18:00 +0100

bug#33456 <33456 <at> debbugs.gnu.org> writes:

I updated the website with Phillip's key for Windows downloads, so I'm
closing this issue.
<#secure method=pgpmime mode=sign>
This bug report was last modified 6 years and 176 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.