On Sat, Jul 21, 2018 at 03:49:14PM -0500, Gunnar Wolf wrote: > As we all finish packing our bags for Taiwan, several people have > asked me what about the KSP list we are supposed to > _print_at_home_. So, I took some time out of packing, and decided to > finalize the needed bits to have this in working order! > > So, we have the final v1.0 list for the DebConf18 Continuous Key > Signing Party! Please find it here: > > https://people.debian.org/~gwolf/ksp-dc18/ksp-dc18.txt > > If you want to ensure the file came from me, you can check the > clear-signed version: > > https://people.debian.org/~gwolf/ksp-dc18/ksp-dc18.txt.asc
This file really isn't usable, it's not a detached signature. It can not be used to verify ksp-dc18.txt. When verifying it, you get: $ gpg --verify ksp-dc18.txt.asc gpg: Signature made Tue 24 Jul 2018 02:08:48 AM CEST gpg: using RSA key AB41C1C68AFD668CA045EBF8673A03E4C1DB921F gpg: Good signature from "Gunnar Eyal Wolf Iszaevich <gw...@debian.org>" [full] gpg: aka "Gunnar Eyal Wolf Iszaevich <gw...@gwolf.org>" [full] gpg: aka "Gunnar Eyal Wolf Iszaevich (Instituto de Investigaciones Económicas UNAM) <gw...@iiec.unam.mx>" [full] gpg: WARNING: not a detached signature; file 'ksp-dc18.txt' was NOT verified! $ gpg --verify ksp-dc18.txt.asc ksp-dc18.txt gpg: not a detached signature We need to verify the ksp-dc18.txt file, that's the file we'll all compute the SHA256 for. Kurt
