Jon Turney writes:
>> - Embeds a new Cygwin public key (which nothing is actually signed
>> with yet)
>
> setup.ini is now being signed with both old and new Cygwin keys.
As I have my own mirror script that will then combine any local packages
into one targeted install hierarchy and I _do_ check the signatures
(that has saved me from broken mirrors a few times), I've had to go and
import the new keys, which then gives me:
... mirroring
==>/mnt/mirror/cygwin/x86/setup.xz.sig
==>/mnt/mirror/cygwin/x86/setup.xz
Waiting for 2 transfers to finish 2 1
...all transfers finished!
gpg: Signature made Sa, 14. Mrz 2020 11:53:57 CET
gpg:using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA
gpg: Good signature from "Cygwin " [unknown]
gpg: Signature made Sa, 14. Mrz 2020 11:53:57 CET
gpg:using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300
gpg: Good signature from "Cygwin " [unknown]
So external signature checks actually work exactly as intended, thanks.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds