Where is the public key to check the pgp signature of nqp tarballs ? #426

dod38fr · 2018-02-23T18:01:47Z

Hello

Debian strongly suggests to verify the signature of upstream tarballs. Each release of nqp is signed, which is good.

Unfortunately, I cannot find the pgp public key of this signature.

Could you tell me where I can find this pubilc key ? (it may be simpler for you to upload your public key to a pgp key server)

All the best

AlexDaniel · 2018-02-24T01:56:10Z

OK, so my key can be found here: https://keybase.io/alexdaniel (it links to multiple sources so that you can cross-verify).
Same key is also on my github account: https://api.github.com/users/AlexDaniel/gpg_keys

In case that's not enough I also submitted the key to pgp.mit.edu server that you mentioned.

Please close if that's enough, or let me know what can be done better.

dod38fr · 2018-02-24T15:15:37Z

I've retrieved the key from pgp.mit.edu, that's the most simple for me.

Download and gpg verification now works fine. :-)

Thanks for the help

zoffixznet assigned AlexDaniel Feb 23, 2018

dod38fr closed this as completed Feb 24, 2018

tbrowder reopened this Jun 29, 2018

tbrowder closed this as completed Jun 29, 2018

AlexDaniel mentioned this issue Jun 29, 2018

establish a public key trust network for Rakudo and Perl rakudo/rakudo#1994

Open

Provide feedback