Am 18.04.2017 um 12:09 schrieb Nick Kew:
On Mon, 2017-04-17 at 17:06 +0100, Nick Kew wrote:
And I need to do some more digging
around that bogus PGP key!
OK, this follows a subject that's been raised @apache before:
https://mail-search.apache.org/members/private-arch/members/201606.mbox/%3c1464999260.7490.275.ca...@mimir.webthing.com%3E
following which apache's own pages were fixed to stop using
32-bit key IDs.
Underlying story is at https://evil32.com/ . I think I shall also
blog this story and add my own thoughts.
Thank a bunch. So I had imported the wrong key resp. the right and the
wrong key by only using the short form of the fingerprint.
It turns out, that for my keys also invalid clones with the same short
fingerprint exist :(
I will be more careful in the future, using the full fingerprint.
Thanks again!
Rainer
