GNU bug report logs - #55666
enhancement request - SHA-256 for emacs downloads

Previous Next

Package: emacs;

Reported by: Ali Elshishini <shishini <at> outlook.com>

Date: Thu, 26 May 2022 20:27:02 UTC

Severity: wishlist

Tags: wontfix

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #33 received at 55666 <at> debbugs.gnu.org (full text, mbox):

From: Ali Elshishini <shishini <at> outlook.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: "larsi <at> gnus.org" <larsi <at> gnus.org>, "corwin <at> bru.st" <corwin <at> bru.st>,
 "55666 <at> debbugs.gnu.org" <55666 <at> debbugs.gnu.org>
Subject: Re: bug#55666: enhancement request - SHA-256 for emacs downloads
Date: Sat, 28 May 2022 19:17:49 +0000

[Message part 1 (text/plain, inline)]
Thanks All

But again, verifying the signature on windows doesn't seem to instill confidence at all
Corvwin  doesnt have a certified key
I am not a certificate expert, so I dont know how all of this works

So,  I still hope Corwin or the Windows Binaries volunteers will still be able to provide
SHA-256 hashes

PS C:\downloads> C:\"Program Files (x86)"\GnuPG\bin\gpg --keyserver keyserver.ubuntu.com --recv-keys ECE77CF417C76C1ACFCE7C2B5B6135511580F007
gpg: key 5B6135511580F007: public key "Corwin Brust <corwin <at> bru.st>" imported
gpg: Total number processed: 1
gpg:               imported: 1

PS C:\downloads> C:\"Program Files (x86)"\GnuPG\bin\gpg --verify .\emacs-28.1.zip.sig
gpg: assuming signed data in '.\emacs-28.1.zip'
gpg: Signature made 2022-04-21 4:11:30 PM Eastern Daylight Time
gpg:                using RSA key ECE77CF417C76C1ACFCE7C2B5B6135511580F007
gpg: Good signature from "Corwin Brust <corwin <at> bru.st>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: ECE7 7CF4 17C7 6C1A CFCE  7C2B 5B61 3551 1580 F007


Regards
Ali
________________________________
From: Eli Zaretskii <eliz <at> gnu.org>
Sent: May 28, 2022 3:06 PM
To: Ali Elshishini <shishini <at> outlook.com>
Cc: corwin <at> bru.st <corwin <at> bru.st>; larsi <at> gnus.org <larsi <at> gnus.org>; 55666 <at> debbugs.gnu.org <55666 <at> debbugs.gnu.org>
Subject: Re: bug#55666: enhancement request - SHA-256 for emacs downloads

> From: Ali Elshishini <shishini <at> outlook.com>
> CC: "larsi <at> gnus.org" <larsi <at> gnus.org>, "55666 <at> debbugs.gnu.org"
>        <55666 <at> debbugs.gnu.org>
> Date: Sat, 28 May 2022 17:14:26 +0000
>
> Also can you please share your version of this command
>
> gpg --keyserver keyserver.ubuntu.com --recv-keys 17E90D521672C04631B1183EE78DAE0F3115E06B

That's easy: you need to use the correct key signature.  The signature
is shown on the download page:

   ECE7 7CF4 17C7 6C1A CFCE 7C2B 5B61 3551 1580 F007


[Message part 2 (text/html, inline)]
This bug report was last modified 2 years and 359 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.