Short version: Where is the public key for the .sign files?
(Key ID 514C5279)
As most of you know, there are now a bunch of .sign files on the
kernel mirrors, each corresponding to a kernel tarball or patch file.
These files contain detached PGP signatures. I would love to see
whether these signatures do indeed match the contents of the various
files, but I can't find the right public key! The I looked at the
kernel source tree, www.kernel.org, a bit at www.linux.org, looked
through the linux-kernel FAQ, and even grepped through the www.pgp.net
key archive index. Ack!
I'm sure it has been right under my nose. :-(
Anyway, even if this info has been publicized, it should be publicized
better (maybe in the mailing list FAQ?) - digital signatures are not
that useful if nobody can verify them!
Thanks.
--Anil
- --
Anil Somayaji (soma@cs.unm.edu)
http://www.cs.unm.edu/~soma
+1 505 872 3150
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNqoFtkLkmkLHxWM5AQE24AQAkhsqtqozwRL0pOKwaD6PaoSjdkER0Hk1
ey5bl1F9lRm58iPXc8wZ4TITtx7CBXTEvYllVig7OHsEobTZD86DNnkkyOOucpDR
zUm8ehhq2XJRJKZd9S/t7l6Yd188x0ccV2gccbhGExVdnoOSqabZO4yr4NqQbGfK
BSwIVd9pcn8=
=3kP1
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/