Hello! On Wed, Apr 19, 2017 at 12:18:07PM -0400, Kumudini Ponnuthurai wrote:
> Not able to verify the latest source of mainline and stable versions of > NGINX with gpg key ( http://nginx.org/keys/nginx_signing.key ). I am using > Gpg4win Kleopatra. I uploaded this nginx_signing.key file, then changed the > owner trust under certificates. Then verified the source (tar file and the > .asc file) by file -> decrypt/verify. The message was, the key used to sign > the source is not found in the nginx_signing.key file. > > Please let me know, how to I verify nginx source with GPG in windows. > Thanks. > > I also tried to do this by checking for the key in key servers. Not able to > find the key that is used to sign the source tar file. There is more than one PGP key used. Full list of keys is here: http://nginx.org/en/pgp_keys.html Most of the recent releases are signed by me, key is at http://nginx.org/keys/mdounin.key. Key fingerprint is: B0F4 2533 73F8 F6F5 10D4 2178 520A 9993 A1C0 52F8. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx