On 11/16/2015 05:39 PM, Scott Kostyshak wrote: > On Mon, Nov 16, 2015 at 10:59:09AM +0100, Stephan Witt wrote: >> Am > 14.11.2015 um 20:24 schrieb Scott Kostyshak <skost...@lyx.org>: >> >>> Dear all, >>> >>> If you have time, please download the LyX 2.2.0alpha1 tar and test that >>> it compiles/installs as expected. It is located here: >>> >>> ftp://ftp.lyx.org/pub/lyx/devel/lyx-2.2/lyx-2.2.0alpha1/ >>> >>> Also if you can, please check that it verifies correctly. This is my >>> first time signing a tar ball. >> >> The signature is ok. The build on Mac OS X works. > > Thanks for checking these. > >> I've uploaded the result here: >> >> https://dl.dropboxusercontent.com/u/27842660/LyX-2.2.0alpha1%2Bqt5-x86_64-cocoa.dmg >> https://dl.dropboxusercontent.com/u/27842660/LyX-2.2.0alpha1%2Bqt5-x86_64-cocoa.dmg.sig >> >> I've used Qt 5.5.1 to build it. > > Good choice. > > The key you used to sign expired a year and a half ago: > > $ gpg --verify *sig > gpg: assuming signed data in `LyX-2.2.0alpha1+qt5-x86_64-cocoa.dmg' > gpg: Signature made Mon 16 Nov 2015 04:09:30 AM EST using RSA key ID > EE614DC4 > gpg: Good signature from "LyX on Mac OS X (Signing LyX disk images) > <sw...@lyx.org>" > gpg: Note: This key has expired! > Primary key fingerprint: 4154 4A61 DBB7 7561 47C1 DD4F A149 7996 EE61 > 4DC4 > $ > > Is this a problem? > I imagine it is not a problem for alpha, and that I should go ahead and > upload your .dmg but I wanted to check first.
Just to be clear: You should resign this with the LyX key. Stephan's signature is only to guarantee to you that the binary is valid and from him. Richard