New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[META] Publish PGP key for signing releases #4374
Comments
@paulcmal Thank you for opening this. I've just uploaded the public key to a well known key server: http://pool.sks-keyservers.net/pks/lookup?op=get&hash=on&fingerprint=on&search=0x2D9AE806EC1592E2 (or if you prefer the MIT key server https://pgp.mit.edu/pks/lookup?search=0x2d9ae806ec1592e2&op=index ). |
Sorry but i'm a bit confused. Is this a different key than the ones that were used for 1.4.3 and 1.5.0-rc1? |
It's the same key. Seems to be working just fine for me:
|
@lafriks This is only applicable to the binaries and not the actual git tags. I know you mentioned that the release tag signature depends on who the merger is, and "Github magic" (so more complex than the way the binaries are signed/verified), would it still be worth looking into being able to verify the git tags for those of us that build from source? The binaries are obviously priority, but this would still be really nice to have for the source. I know that I'm able to do that with Bitcoin Core git tags, but it looks like they have only one person that signs the releases. Perhaps if there were a list of the user's keys that would be making releases, we could verify off of that? By poking around the Github API, it looks like it's creating subkeys that are tied to something (either the Github account or the user's uploaded GPG key), but I can't figure out how to get a valid GPG key from it to verify what Github shows. I'm hoping that someone who is more familiar with Github (especially the API) can clarify what happens with signatures when doing a Squash and Merge and how to grab the right key. Here's my attempts to try that: [
{
"id": 218891,
"primary_key_id": null,
"key_id": "002E9FFD10C56403",
"raw_key": null,
"public_key": "xsFNBFmv4asBEACtYpKTi3WeKvZL4vNhpGJ/66+GIW6S+n+Hct3XNH+25Gy0b91r4rH7eEkgERwn9cvYsLKop67N9nTTCUz4CM6RAWIYXEp9+/cU/h2hMs7rt3BmqGJA+8GHBmPsXDOJqBFiF0xOejgoQNw3FeS8WZ4VfJgX8z/dFwyeGHfPXk4TL+DN0li9T7gG96CEAQqu7AeXNVoO+Gw+sSC7pn4+lviXH9lsqO6pTPHIJs2N3MxuXhW2Tn3UldYhsTwWbv8cxPjPzRWgIVEAptNQmX7e0AW1qyCT8uuM7k8j1hb1o71q07tVgeE/xUGTByq0ngzDqwllr+oJ0gL+bZu9wr3aUf+VYn2VQS5CpaK3+Lc7A0qcsovWaKHQljqr5/T2vlLVuUQ5ZlIaimv0N5+j4NJixKtF2vGbdx6VjMvw28Eu88Cxn6j0SM999v6QfUNnYuThhQAnSVSQQX6n0MJQWrSfeB2JxElxCTZUv1H0j2vwdqaC8UrAQo5q/QvPXIWNbiylmrgHfndpwy4DLwOV1+v9wsKq7Xlit8bfrh3PnNT5VYXcriUgmPkX7AgalUWW7eU996VyTRT6kARsea//4lPxyVbmKsbhbATPh9dqSScOoeo4tReJ6Xfkc9/IRqhXMAWPWCyeR769HRK5SNqBvFt2SP6n+UAZjftqMpV5JY1ewSqA0wARAQAB",
"emails": [
{
"email": "lauris@nix.lv",
"verified": true
}
],
"subkeys": [
{
"id": 218892,
"primary_key_id": 218891,
"key_id": "6E25973C4BACF28D",
"raw_key": null,
"public_key": "zsFNBFmv4asBEADRfJDkCFCey4pCM7OD5C+6Gp9racCyC2MwPr7/YJ5DtB5pEHCOU8UB9S2vMEYExj1isUGKQ5G1sZFumXJa0ZxOdpxHwhAcv4K5hA8dRG4ox5HQpfdweDrsRUBKSp6yZCWiqBDc7213sRkH91tzgPjEQs+XWp6GnudAwH/kVwMtbnIoP8EyxP++sYeMysPyEDDXE6rHUVVqgh8zSdkrQ4W56FxrJe68usihZwAztPMz5D0eGFpOMftFcrAFSY4tXfwKKH8oZUe1yo2L1EMOQftZdoz1aS4JCjFKKxxT1TWoQ1CxLYKLGbQicSxEl1PaMfIrQBC6TVV8i8p43A2Cva/IiIfHwdkMd97bauWyFng14HYnXx8jJpmdPDps6pHrNEjAcC8gkBkN8BizjnfbLGbNyYfREVrz0UzehhjBPFxgdba2dpjsDAkQPqMu/gX+A8vUWSaRe9TKajDtoMNzPFn6xfxwY1U9eyhEU8xmUAU1B2s1JkEyO+0g4n+UxtZ0qwJtp6jWlHmZNzocQO82SzODaytvzs3keeEiw/CYwr6D9Nov1SZ65FO39Z6PngQpXeZKufiy8iDKDRDckPp41pT+cHt+yFPHrA7BEw3wWJQwJOmPWB9WOSvZ4t62CTQDhCEDq++uWfohJmbigmNw8+em34K94e/TjOQd5a023I7bhQARAQAB",
"emails": [
],
"subkeys": [
],
"can_sign": false,
"can_encrypt_comms": true,
"can_encrypt_storage": true,
"can_certify": false,
"created_at": "2017-09-06T11:54:43.000Z",
"expires_at": null
}
],
"can_sign": true,
"can_encrypt_comms": false,
"can_encrypt_storage": false,
"can_certify": true,
"created_at": "2017-09-06T11:54:43.000Z",
"expires_at": null
},
{
"id": 176869,
"primary_key_id": null,
"key_id": "AECE216D007B1CCC",
"raw_key": null,
"public_key": "xsFNBFkIzMIBEADUCYRw3yXiCkzxYXWKh1xsYTU04w77VKs7psquG+LYSjl5juuavJzHKniaMMTCyMWpvslmC2ke+udY6nCAcm7lW+vaNo2eABjC9GTPjeuYkV/RpJy9V8ituo0o4NXdD+ekQaTqgSdutRMoUF+60obD83QNJxz0vOrHatESZlcFjKYDo3MVbT+Cy/9lgf2Osc7gx825vvuN75IvsUVb1BXdm3D7SGW3jTy62KCJzvOXX33UdxKN/zehRFM0qk36Iwr8Dmp8HaAhNXJ3MgzzN20kdA6MFhW8MsZmYVJVih/svA9BL+4EDE5u4bxsC3dSDbJpksWi1OTebvdl0P8gIEirpLsbfftvu89m7sm3JIWW3jj69SQjbAScNOlSm1hSxWSV6m0pSLZhG1cxcXR9AtW9SMOkgDc2/9mwocYmvqLD7GBOK/iV4Q0SchnNZZEHxXjxoHIfmsTingYqdU0GjDdsJcPKsLa2Sw+0jBQ/IfbaUH8gbUtiCkukSqR6rUGwkER8k8Ncamn1i3TlVNd7T2qF4i/dmaoAbCw3TNp5Uvp5pHITydHi352B9ntfQ4QXK62FP3XgMV1txVxEXt5rDhj8u/H5t34UK2v4xhI6VtCQQ1ewoTDrvpRX5nvlSfbRWsO3zV8Dc9s+lBOpe+ZBBT50xO+NHlk5fOz/JNYS4H7muQARAQAB",
"emails": [
{
"email": "lauris@nix.lv",
"verified": true
}
],
"subkeys": [
{
"id": 176870,
"primary_key_id": 176869,
"key_id": "103A91F0FF9869DA",
"raw_key": null,
"public_key": "zsFNBFkIzMIBEACyZuaertUVhqEnM+J1IW3iplTNIk8oZ4W4p34a9EIkjPK4E5U4Fqy6qQJA0xfGQQJKdxL/NNLcZT//2KKKf7tynMLGHQQzmfqUEmNuXxhaqfl5xs6qoXhRntq/0zmAPLUQ17kYqSFeICaBRf9B/EK76qx+oWK/cXPkhASK3xhYx0YpxZHpiEu5RcsuKEbjU2hFNWP3hGqqSVG9WBIvF+Sr+qzyqTpBMjcB5uq2jnxuOjHae64LmjpcxsmyrRM7qfxOKHZwA2yDNuCqBVIwUpraINREUUmZcKGMgiRaWEzEZ5nQYqa8sVIzwu2Dfw6rmUGX+HO4/KQ7RYE8h/5ASCA9WcsaIjeYhCLIENKyQ3mn3irsL/tA82/Ns5mJQmQkTu1QM0njAPcb2iMlCoTme6+GvUGji6pnxUDi/UTqqLGfmitq1kV11nfZoE3ETs5Ae5yv9Drw3Ag5LjqVIUKGo5f0ewSSk/UWG8MDdiN5RcZQDQHT+Prfe0iQm0+cieLc3X6HMQv2ygCIT8MCD0YSljftUjnal8gdGkGMMvYWmldkVgCAJwSfyb1mVjCG4EWJ8wNq3I+lVxX8dJ4iqlBJy07ZUT97T5RFMekWNkVW25iSvtugTXLwKAnEVBIdk2+GhyRL+FweKcgBxGHCzs3DY1UnQ07xO2GGjqJdPgQeIuYhEwARAQAB",
"emails": [
],
"subkeys": [
],
"can_sign": false,
"can_encrypt_comms": true,
"can_encrypt_storage": true,
"can_certify": false,
"created_at": "2017-05-02T19:33:15.000Z",
"expires_at": null
}
],
"can_sign": true,
"can_encrypt_comms": false,
"can_encrypt_storage": false,
"can_certify": true,
"created_at": "2017-05-02T19:33:15.000Z",
"expires_at": null
},
{
"id": 389730,
"primary_key_id": null,
"key_id": "DFDE60A0093EB926",
"raw_key": "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n\r\nmQINBFs/sX8BEADFRdCf86KpGFpH65AijPqy368VLL4tmCBSiQBDzOGMSPxfZhVG\r\nkWKVMV1a0yGGxr6gugO3lnsuhvVTgjeVisVd/O29zzwtF/XCECkZ7qNqcrbqzwJG\r\nl6jcNTq0jkKd3gvPljAm5QJhx5zhSM6oVtvwjVW+sGQ9M0Wg5rd8YaeoO0Nu/ScQ\r\nNjVgP07WikwgUEDtSnAbBn1WfYXEnC799n0jWAwxg1VrNJjiBqjfYIoQJzUl1wZG\r\na8CaZCAg9QOuAiYFKj+rvzffJzl46uk1QLH2xD+5LKsH2HJ/7NJaGVYP8Kk9g8Ed\r\nD34ClLkI2WmsTMeQJ9AWu0dHjgyKh8J1P5L7CUqCnCmtocUm3TI8Fn9SZ8o+f9SU\r\neASt7EGXRsxj4rR6Pp5akKBssnXSM0OzKbZ5jWhjtm3ow8Zfu9O2aFDs9R7Mn6Ec\r\nfKCTozfHtweQhl/qrkxgOHuns6ncEfoucPq0mbE58EsCf4v8GhKns7/oGWnIKlt8\r\nTGroiej/Xev8JEdvXyxYhx7yPmwk5ivUIC/3bMK+oESlvZCamRhg4H+A0mWrqkPD\r\neqBiuK7PvuGWY1+cZ1uL2wV81ymOfmjNq87GHvOfT4QhY9AIOl2B5iNkPutnzGGK\r\ndXoAhX8sCvkSKt9La5xR5GDbAiZaz0fznyz0osn+v6l7J44pKRvce+7XmwARAQAB\r\ntClMYXVyaXMgQnVrxaFpcy1IYWJlcmtvcm5zIDxsYXVyaXNAbml4Lmx2PokCTgQT\r\nAQoAOBYhBNj5Zy13wLtgoCTCPt/eYKAJPrkmBQJbP7F/AhsDBQsJCAcDBRUKCQgL\r\nBRYCAwEAAh4BAheAAAoJEN/eYKAJPrkmVY0P/RE4jPWzj1UE2jklLfqdwSPCBNgk\r\nG4C7MrmZqrDvhrGOHFmTnP6FH0++vnTCXILg8n8t1+5ZfDpf2qNTSuEZUyTFpOD6\r\nNzI4rjY2+fm5u1QYg+I/5S4y1YBnEk1AEhWpwPu0u3LnQD2GmL1S29MW8z+nJ8Wk\r\n44koM8hD3HhFZHdOV+7PxjsXj+kgn0uzaBegMV/VGRlUubf9QI6oXLY9qggBfovk\r\nzXDEPYyEDbonwLGe3AV/Tj8Esb/w5VZNQQmwh02NXi1QcnlssJGlx2i83Rt63UKN\r\nDQ4qB97KxfZUCmWoqIrHq6bJBQzVasW7kOnBxcQmFfCyfJM4QiewGkPMJt3+2xLy\r\nVBHjYK+PjllRrF0eaESkIOKiIZ6l49flau8pBPUIqKvF0I9TLPGsaDC0j71sX2M3\r\n7GBZeScUhlplvrUgox8airfvhu+J/EWSEPcMQ05rTUcIit4EI+2x3AlAQOg4gmXs\r\n8XHtL8eb/zVS2Ygv8EU5ijCxdnAKkFP/tUgn7LOE6KiAvXkD697sj9VhWpkn96RT\r\nmPSSYPQGvPGoA9GhBayBwpH27HU1OsDXGuAxtaYYVmihQ9fJW6decbI3gv53pHNM\r\nEt2nHJdQfiixWKb6kwv8DDhxWz+l2FxWJwnu8J1sTYV1lCLGsKrEpoDbqUuLDvcw\r\nC68OlO+YiQtt/Zo/uQINBFs/sX8BEADCJ7F16Nqlku7KEwpA0Hhvyd3PZBn0NrkT\r\nthTWkFfvW7Cpl5eDXGQU2HvfphPI2QUgr2EU6QwHrSeFgox14wMp1Js8X+Zts7V1\r\nnGZGjcHOEstrdeltNfAsPwPs4QWzoe9vC2aVMUNnnXQcAaew7ZDzmwP8Nvx0wcK9\r\n7hMZ/TUr7/WxA1ZN0Nx8npMQjr+LIZgi8Im8xEVihAX/0VdLXRW/nqXeNmye0ZT/\r\n8sQYYzFlyNB2/6ruWAdaRG+aDq3GWdw0LxH0mnZ4AF13su4vdWXBDASXCwwe8m0R\r\ndogdWp9zPEmH35TuVUI2O5pg/XJHDCId/KIno74RUjqTDGbrCiYrAUrmxwSRsTup\r\nl+kIMLRxXJ6/iCm5ejY9NyefmqSdgUjy9nxBFry1s+CMIh77bb0oHsJBXriT48ey\r\n4J3KqnShV6k1YeXqO1InoxPHN5JKLmvyPuXU91daADEI0h2v8HMIxgVAeMtmw0HW\r\nvEqeCxlJZFaKjC+vOZDhrBk6B5Sru7y0HxzSwzCm5YGIQf1ITuCOMwKLlnJEebAL\r\nutHB7wQ+VanXWaWh3GLRnc1zRga/6hjuEum8eI9ul3+UxRof2wxFyzk1ZILZiR54\r\n6+LdRVDL4HW+L3+eSRoH08YvSfQaX53M0KHnBgblxZTaNomdGmhPubfwWjiudN7Q\r\n080GumkkcwARAQABiQI2BBgBCgAgFiEE2PlnLXfAu2CgJMI+395goAk+uSYFAls/\r\nsX8CGwwACgkQ395goAk+uSbR+Q/8C301DLy2uzCdwhSxQ6BijnKplwCx81iwPMGn\r\n0pYHHu9WT2zfeRzSCTL916ghvEYUuPwqGPC4puPj8ChVHpJ7o/axDl6xK9MgzKtg\r\nlSr+3Az4eS6HLrpub7GlsL4bRu7pr17whFUnIpKzOSwA3nDDu3AuCibTb0rhlcFf\r\nqDixE98oIJDbN4AkketAl2uWkQVb0nwRTIqeA44NCjDj2/btVE/hAKm++Sj9Lky6\r\nqGM8ilblGIR8gAYbf5AffJ3muAK1Ex/zQY4dBjB247EPSl7dL9r3Y0Uh+SxWgZV5\r\nRkXhZlO8U+SxCN2oOiEDpC2rpxAkEJVxD1OH8Vm20hkBjbVaSdPK6z6NJPqV3iZn\r\n5p2+umm6+OBDDr49VkdkbK3jS+tq2VCnehrOcR8S6kqnzdZIB5JNTlW3j5PKRJjA\r\n9g8TvFr/7zv++atLxq0o+XynXj2IeeqOOrrWt3l9myFBhi7QF2/Z0GwwZutZNWgk\r\nrNCHtcM20nGaJh7LK5Dmk84XW0pXQHqNRhsz9tcLdx97wsj56ffIxuJyFYwxvCEp\r\nfK1GH47G79a+rADm0b4jmNCwcl6JPW18lp8SKGjSXkr44YxKo4JgJTYzAD4dlIe1\r\nXCc73exgkYyQ/d2s9R4jcn9gpd+wvTJGkO21x1ACYS/GX+bcLBCMGxSHwU7Xkg26\r\nIeEXflu5Ag0EWz+3AAEQALcHqoeqxe8uLktgcWjQxHsvOaxFt2nfBjPRIIoM5pn/\r\nO1enEQNhTU5BlwnkTdt+KY+vZItrXFdGOekMg6zJzeQrfkCxebRiEcDslvRUBeS0\r\nfFDCbnKnycM2EgGn8zSyIa6aCBJ0cxbwl7cDgucl0+68td8zhNmCuaeVVaRK07Qa\r\nQs3s4EgiMYMRtfmQU2Q1VW9kb1rcF2H6dRtzHmhlKlkJllRUxYVMs93qFF+EP409\r\nWgg7gua8NEkhvNkd2Ps6a4Cn+SirXuqYAbGT5LyWlN+DtFVo4U2sDVfUT3F++vAE\r\nzHo3HbRtF7GmbMermgodJDfUm7F1BDnbBfGoPlWHKwWtdJgv9ApTJi7H92EyfUTJ\r\n7QkmxKtCNNX+gVAhT0g/rkN/BaAqBChtyjQdp4R0OytELZRrLUj5srhHOpyR1ljG\r\nfU81Un3wGqhjo8jfC6/ZIj0eeaiJPkza6XTX0nO3RciHKTtABVSwfF+2WXZy0iky\r\nPbbe1NVzBLn6RBNyZ/rpYxaDWnuXnv1ngwRFqsl81JYTztYug3GjIDOfLaTG9DcQ\r\nyWpdxogkivlQK4FHTToIoWRvjRDZZfsDd8N+iDQ+K9C8CNffm8X46m78idO1OyZt\r\nt9TWtGrnjpSQql97rLcKUbBqiiS2w3QZMmdCT2/g7rtTUvNUMTYuhFsk7Ntk+OS9\r\nABEBAAGJBHIEGAEKACYWIQTY+Wctd8C7YKAkwj7f3mCgCT65JgUCWz+3AAIbAgUJ\r\nAeEzgAJACRDf3mCgCT65JsF0IAQZAQoAHRYhBB5Hg0u1qPH3nMXqW2mL2ZGxSeqV\r\nBQJbP7cAAAoJEGmL2ZGxSeqVdPwP/25MY9rBbN6hUvVbTktmaVmLxnP1I3LEsAUP\r\nLnHNGCT9rB/OiQRK6lZ+9rEEHoCjvaNKwOe079KbE0EroSn1uamvO1R+4RFdZZ3g\r\n8994GaI6PgKHUIsiUuPTQyT3bQMhlPsPsjGLkkM37JslYMT3QefJVC7hudbXRBuT\r\nmLbV4oICLY/GVKQDv3jjqQ3uTtcEC1hOoFgVBz7R/mZKMdqTYrIts9HVqOp/n1UL\r\ndB6YXYE0xklT0bfE6RHtcqffbB+oShQmgjUngW9CZRm2+yOh+fWzbTOynHrCj2c6\r\nxSOHCRigdkjItO4LenWJtvThW8p25P2w6TAQJFzk1G/pzJDrdrDk+QbEa325dXdg\r\nx8gCbzB1COXgZkIKgDUIi3SwMBZfwY+Nc9E3oWuPTqcj/YboD3UMLiERz4pXSIC9\r\nT40O22hr5EEPfiphL0221OZ3GOOYBf5CflpWQwMtXEFRzkQov8Uy6P/D0L8yFCK5\r\nDn20g88z8GFugN+Cy2F+CJ1Gs3GUh/foRUMpvIc58ZVLSeFJs6F+iCYtql9iqulV\r\nWYXYahcFBK2Fm++M2tnV8BOxJaLUrsv0mfw8Xd3NJcbDexDJnZWZysJfFPhbxsrV\r\nnWaYev84oIbvogZ/fYGWMR7ZMA7KZXnGFSUngEEelm10V1vDBBSA+WlarQcMNEGD\r\nOFT5CjKHFGkQALvYNSswR76zX9SVkYcnYQJwSce5M9Le5UnDnJqozlofaxwVTfME\r\n8MjZsRVjuW2MVIGTsmfBd+HK+0gmcwBWurvNcB6yLCqXDNV3qAREykdwKNGqY9hF\r\nsjSg+TXCyQkvT5PZKsX2NLeBWSfG0j0Lek0HrhRZbXjrwo6BZU69gmoornQIQxjt\r\ndyzn8sGG5EQq+myHZ2lpQcLqsZd7EwvDbCURrY3Xdpw/LT4fMtGgl+IR2yvPkBLV\r\neiVxIj3PyDZhluqkFFqV4oZ0WsujTzwTrBX8+TqeS3GSVwaZicziUgha8zIsDWLq\r\noGHDAdMICaeGri1I/AHOhBxDQNQMgkQ+YB+PArBQCwbWQw769hmYaSSNGX8iqSVz\r\n9vHDhsqJZuFc94iJ8xwIHgTVOr8PaAfryzlrGQ6y4BZDLqH3OemcTwUMWsoqDhir\r\nV7Z/LnByLAtLURqNhVeY63RmAj8lba5+BUXeY5yWKx4t60C7+P5M1rjMC2ebkaQT\r\nb/N971BZrJlqvNmBEZTVjwDnx4BbCkdKDUsxsJvcrDe7WyguVkkNvNChEqcKdilj\r\nEpFnkFSUrOpEKoNxb7xlJivFanT46paxebfRSMKljG/H2a2KI4bw8TZJY/kOZNWf\r\nVa8v1ZDytzI+w+6D0U4j62Cj5KuUjQ6RiJj9WagMhr/jC/2dffz03ysA\r\n=UqMk\r\n-----END PGP PUBLIC KEY BLOCK-----",
"public_key": "xsFNBFs/sX8BEADFRdCf86KpGFpH65AijPqy368VLL4tmCBSiQBDzOGMSPxfZhVGkWKVMV1a0yGGxr6gugO3lnsuhvVTgjeVisVd/O29zzwtF/XCECkZ7qNqcrbqzwJGl6jcNTq0jkKd3gvPljAm5QJhx5zhSM6oVtvwjVW+sGQ9M0Wg5rd8YaeoO0Nu/ScQNjVgP07WikwgUEDtSnAbBn1WfYXEnC799n0jWAwxg1VrNJjiBqjfYIoQJzUl1wZGa8CaZCAg9QOuAiYFKj+rvzffJzl46uk1QLH2xD+5LKsH2HJ/7NJaGVYP8Kk9g8EdD34ClLkI2WmsTMeQJ9AWu0dHjgyKh8J1P5L7CUqCnCmtocUm3TI8Fn9SZ8o+f9SUeASt7EGXRsxj4rR6Pp5akKBssnXSM0OzKbZ5jWhjtm3ow8Zfu9O2aFDs9R7Mn6EcfKCTozfHtweQhl/qrkxgOHuns6ncEfoucPq0mbE58EsCf4v8GhKns7/oGWnIKlt8TGroiej/Xev8JEdvXyxYhx7yPmwk5ivUIC/3bMK+oESlvZCamRhg4H+A0mWrqkPDeqBiuK7PvuGWY1+cZ1uL2wV81ymOfmjNq87GHvOfT4QhY9AIOl2B5iNkPutnzGGKdXoAhX8sCvkSKt9La5xR5GDbAiZaz0fznyz0osn+v6l7J44pKRvce+7XmwARAQAB",
"emails": [
{
"email": "lauris@nix.lv",
"verified": true
}
],
"subkeys": [
{
"id": 389731,
"primary_key_id": 389730,
"key_id": "ECF9122A9ECF3A2F",
"raw_key": null,
"public_key": "zsFNBFs/sX8BEADCJ7F16Nqlku7KEwpA0Hhvyd3PZBn0NrkTthTWkFfvW7Cpl5eDXGQU2HvfphPI2QUgr2EU6QwHrSeFgox14wMp1Js8X+Zts7V1nGZGjcHOEstrdeltNfAsPwPs4QWzoe9vC2aVMUNnnXQcAaew7ZDzmwP8Nvx0wcK97hMZ/TUr7/WxA1ZN0Nx8npMQjr+LIZgi8Im8xEVihAX/0VdLXRW/nqXeNmye0ZT/8sQYYzFlyNB2/6ruWAdaRG+aDq3GWdw0LxH0mnZ4AF13su4vdWXBDASXCwwe8m0RdogdWp9zPEmH35TuVUI2O5pg/XJHDCId/KIno74RUjqTDGbrCiYrAUrmxwSRsTupl+kIMLRxXJ6/iCm5ejY9NyefmqSdgUjy9nxBFry1s+CMIh77bb0oHsJBXriT48ey4J3KqnShV6k1YeXqO1InoxPHN5JKLmvyPuXU91daADEI0h2v8HMIxgVAeMtmw0HWvEqeCxlJZFaKjC+vOZDhrBk6B5Sru7y0HxzSwzCm5YGIQf1ITuCOMwKLlnJEebALutHB7wQ+VanXWaWh3GLRnc1zRga/6hjuEum8eI9ul3+UxRof2wxFyzk1ZILZiR546+LdRVDL4HW+L3+eSRoH08YvSfQaX53M0KHnBgblxZTaNomdGmhPubfwWjiudN7Q080GumkkcwARAQAB",
"emails": [
],
"subkeys": [
],
"can_sign": false,
"can_encrypt_comms": true,
"can_encrypt_storage": true,
"can_certify": false,
"created_at": "2018-07-06T20:34:39.000Z",
"expires_at": null
},
{
"id": 389732,
"primary_key_id": 389730,
"key_id": "698BD991B149EA95",
"raw_key": null,
"public_key": "zsFNBFs/twABEAC3B6qHqsXvLi5LYHFo0MR7LzmsRbdp3wYz0SCKDOaZ/ztXpxEDYU1OQZcJ5E3bfimPr2SLa1xXRjnpDIOsyc3kK35AsXm0YhHA7Jb0VAXktHxQwm5yp8nDNhIBp/M0siGumggSdHMW8Je3A4LnJdPuvLXfM4TZgrmnlVWkStO0GkLN7OBIIjGDEbX5kFNkNVVvZG9a3Bdh+nUbcx5oZSpZCZZUVMWFTLPd6hRfhD+NPVoIO4LmvDRJIbzZHdj7OmuAp/koq17qmAGxk+S8lpTfg7RVaOFNrA1X1E9xfvrwBMx6Nx20bRexpmzHq5oKHSQ31JuxdQQ52wXxqD5VhysFrXSYL/QKUyYux/dhMn1Eye0JJsSrQjTV/oFQIU9IP65DfwWgKgQobco0HaeEdDsrRC2Uay1I+bK4RzqckdZYxn1PNVJ98BqoY6PI3wuv2SI9HnmoiT5M2ul019Jzt0XIhyk7QAVUsHxftll2ctIpMj223tTVcwS5+kQTcmf66WMWg1p7l579Z4MERarJfNSWE87WLoNxoyAzny2kxvQ3EMlqXcaIJIr5UCuBR006CKFkb40Q2WX7A3fDfog0PivQvAjX35vF+Opu/InTtTsmbbfU1rRq546UkKpfe6y3ClGwaooktsN0GTJnQk9v4O67U1LzVDE2LoRbJOzbZPjkvQARAQAB",
"emails": [
],
"subkeys": [
],
"can_sign": true,
"can_encrypt_comms": false,
"can_encrypt_storage": false,
"can_certify": false,
"created_at": "2018-07-06T20:34:39.000Z",
"expires_at": null
}
],
"can_sign": true,
"can_encrypt_comms": false,
"can_encrypt_storage": false,
"can_certify": true,
"created_at": "2018-07-06T20:34:39.000Z",
"expires_at": null
}
] I'm curious how the raw key format differs from the public key blob (perhaps the binary key, base64 encoded?). Does anyone know how you can take that blob and turn it into a valid GPG key? If so, we could use that to verify commits for each maintainer. I'm probably overthinking it but thought verification would be simpler to do 😺 Cheers EDIT: OK, that's definitely a base64-encoded version of the signing key. When I decode that to binary, I can import that into GPG but can't seem to do anything with it (nor with $ base64 -d pubkey.asc > binary.gpg
$ gpg --list-packets binary.gpg
# off=0 ctb=c6 tag=6 hlen=3 plen=525 new-ctb
:public key packet:
version 4, algo 1, created 1493748930, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: AECE216D007B1CCC
$ gpg --import binary.gpg
gpg: key 007B1CCC: no user ID
gpg: Total number processed: 1
$ gpg --edit-key 007B1CCC
gpg: key "007B1CCC" not found: No public key
$ cd ~/gitea
$ git verify-tag v1.5.0-rc1
gpg: Signature made Tue 03 Jul 2018 03:47:43 PM CDT using RSA key ID 007B1CCC
gpg: Can't check signature: No public key
|
@4oo4 you can also check out the URL from github here: https://github.com/lafriks.gpg that has an armored file of all lafriks public keys. |
@techknowlogick Ahh, that is so much easier, I wish Github had that better documented. Thanks! So the reason it's not working for me I'm guessing is from the Github comment on that key: |
Request for reopening. I am unable to find the public key linked from https://docs.gitea.io/en-us/install-from-binary/ and SKS keyservers cannot be trusted anymore. I think the best would be to have the public key somewhere in the repository itself or documentation. |
I was able to find this:
|
Description
I couldn't find the PGP key
8C4033A23895237CB27D52D9D9B5613BEB813F99
that signs the releases. I've tried many different keyservers. I've even tried importing the keys you use in the tests on this repo, but they're not the one :)After giteabot compromission, someone already suggested that you publish your key. They were given an answer that it would take place before 1.5.0.
I just thought opening an issue might help remembering about it :)
Thanks for maintaining Gitea <3
The text was updated successfully, but these errors were encountered: