Hello, al3xu5 / dotcommon writes:
> Hi > > I have dowloaded the latest 60.7.0 sources, and its .sig file. > > When checking the signature I have: > ~~~ > $ gpg --verify icecat-60.7.0-gnu1.tar.bz2.sig > gpg: assuming signed data in 'icecat-60.7.0-gnu1.tar.bz2' > gpg: Signature made dom 02 giu 2019 22:43:25 CEST > gpg: using RSA key D7BEFC2F89D03EFC > gpg: Cannot verify signature: No public key > ~~~ > > I suppose the sources were signed using a different key than that for > previous version... > > But I cannot find any reference about this in the usual places: > https://www.gnu.org/software/gnuzilla/ > https://ftp.gnu.org/gnu/gnuzilla/60.7.0/ > https://git.savannah.gnu.org/cgit/gnuzilla.git > https://libreplanet.org/wiki/Group:IceCat/ > > Please anyone could help? > Thanks in advance. > > > al3xu5 The tarball was signed using Rubén's (currently-expired) key, available from his Savannah profile [0], and the GNU maintainers keyring [1]. Since the key and its subkeys are currently expired, you need to specify the `show-unusable-subkeys' list option in order for gpg to show the subkeys, including the signing subkey (denoted with [S]), as shown below. [0]: https://savannah.gnu.org/users/rubenquidam [1]: https://ftp.gnu.org/gnu/gnu-keyring.gpg ,---- | $ gpg --list-key --with-subkey-fingerprints \ | --list-options show-unusable-subkeys \ | 318C679D94F17700CC847DE646A70073E4E50D4E | pub rsa4096 2019-04-24 [C] | 318C679D94F17700CC847DE646A70073E4E50D4E | uid [ unknown] Ruben Rodriguez Perez <[email protected]> | uid [ unknown] Ruben Rodriguez Perez <[email protected]> | uid [ unknown] Ruben Rodriguez Perez <[email protected]> | sub rsa2048 2019-04-24 [S] [expired: 2020-04-23] | B237DFE8B602BC8D82D9E37ED7BEFC2F89D03EFC | sub rsa2048 2019-04-24 [E] [expired: 2020-04-23] | 33D7C377333450EAA52D7707A6F017388D77A61A | sub rsa4096 2019-04-24 [A] [expired: 2020-04-23] | D7414716066071449F4C863F12AEEEEFA5742C50 | | $ gpg --verify icecat-60.7.0-gnu1.tar.bz2.sig | gpg: assuming signed data in 'icecat-60.7.0-gnu1.tar.bz2' | gpg: Signature made Sun 02 Jun 2019 04:43:25 PM EDT | gpg: using RSA key D7BEFC2F89D03EFC | gpg: Good signature from "Ruben Rodriguez Perez <[email protected]>" [unknown] | gpg: aka "Ruben Rodriguez Perez <[email protected]>" [unknown] | gpg: aka "Ruben Rodriguez Perez <[email protected]>" [unknown] | gpg: Note: This key has expired! | Primary key fingerprint: 318C 679D 94F1 7700 CC84 7DE6 46A7 0073 E4E5 0D4E | Subkey fingerprint: B237 DFE8 B602 BC8D 82D9 E37E D7BE FC2F 89D0 3EFC `---- Hope this helps.
signature.asc
Description: PGP signature
