[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #23510] gpg signing subkey for release 4.4.0 not cross-certified
From: |
cfr |
Subject: |
[bug #23510] gpg signing subkey for release 4.4.0 not cross-certified |
Date: |
Sat, 07 Jun 2008 14:57:08 +0000 |
User-agent: |
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 |
Follow-up Comment #4, bug #23510 (project findutils):
Would you accept alternate verification of this release, such as a gpg signed
email asserting the SHA1 sum of the primary tarball, using a newer key to sign
the mail?
That would be fine with me as long as I can verify the signature.
It's possible (albeit a bit more difficult) to update the .sig on the FTP
site; do we need to look into taking the action of posting a replacement .sig
with a newer key?
As far as I'm concerned, no. The alternative method sounds fine.
I would wait for the next release but I've been trying to help a user in a
support forum and that user has tried updating to the current version of
findutils because we thought that would solve the problem. If I can update,
too, it would help us narrow the problem down.
Thanks for your help.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?23510>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/