binutils-2.30.tar.xz.sig uses unpublished key
John Darrington
john@darrington.wattle.id.au
Sun Jan 28 16:34:00 GMT 2018
On Sun, Jan 28, 2018 at 10:36:24AM +0700, Somchai Smythe wrote:
binutils-2.30.tar.xz.sig uses a key that is not on any public
keyservers I could find
gpg2 --verify binutils-2.30.tar.xz.sig binutils-2.30.tar.xz
gpg: Signature made Sat 27 Jan 2018 10:39:36 PM +07
gpg: using RSA key 8CC5D97DEDD6A491
gpg: Can't check signature: No public key
gpg2 --keyserver hkp://pool.sks-keyservers.net/ --recv-keys 0x8CC5D97DEDD6A491
gpg: keyserver receive failed: No data
gpg2 --keyserver hkp://keys.fedoraproject.org/ --recv-keys 0x8CC5D97DEDD6A491
gpg: keyserver receive failed: No data
gpg2 --keyserver hkp://keys.gnupg.net/ --recv-keys 0x8CC5D97DEDD6A491
gpg: keyserver receive failed: No data
gpg2 --keyserver hkp://keyserver.ubuntu.com/ --recv-keys 0x8CC5D97DEDD6A491
gpg: keyserver receive failed: No data
Where are we supposed to get the public key from?
The public keys for all released GNU tarballs can be found at
https://ftp.gnu.org/gnu/gnu-keyring.gpg
Obviously you should not trust any signature unless the key is in a WOT that
you are personally satisfied with.
J'
--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://sourceware.org/pipermail/binutils/attachments/20180128/339f06da/attachment.sig>
More information about the Binutils
mailing list