Hello, I have imported PGP keys of the texinfo maintainers from
https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=texinfo % gpg --import < texinfo-keys gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: key E707FDA5: public key "Werner Lemberg <[email protected]>" imported gpg: key 30D155AD: public key "Karl Berry <[email protected]>" imported gpg: key 78D5264E: "Akim Demaille <[email protected]>" not changed gpg: key 36ECC523: public key "Patrice Dumas (Pertusus) <[email protected]>" imported gpg: key 55D0C732: "Sergey Poznyakoff <[email protected]>" not changed gpg: key 937EC0D2: public key "Arnold Robbins <[email protected]>" imported gpg: Total number processed: 6 gpg: imported: 4 (RSA: 2) gpg: unchanged: 2 but the tarball seems to be signed by somebody else: % gpg < texinfo-6.0.tar.xz.sig gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information Detached signature. Please enter name of data file: texinfo-6.0.tar.xz gpg: Signature made Fri Jun 26 15:54:17 2015 CEST using DSA key ID AB37FBA9 gpg: Can't check signature: public key not found The keyservers say this was probably this key: pub 2048D/AB37FBA9 2014-12-18 Odcisk klucza = EAF6 69B3 1E31 E1DE CBD1 1513 DDBC 579D AB37 FBA9 uid Gavin Smith (Texinfo maintainer) <[email protected]> sub 2048g/7302C061 2014-12-18 the files I got from the mirrors: % md5 texinfo-6.0.tar.xz* MD5 (texinfo-6.0.tar.xz) = 02818e62a5b8ae0213a7ff572991bb50 MD5 (texinfo-6.0.tar.xz.sig) = 6fe30fbdabab79a55ebd0b2608fa6847 % ls -l texinfo-6.0.tar.xz* -rw-r--r-- 1 saper saper 4086712 Jan 4 21:35 texinfo-6.0.tar.xz -rw-r--r-- 1 saper saper 213 Jan 4 21:35 texinfo-6.0.tar.xz.sig Not sure if this key is to be trusted? Thanks in advance, Saper
