[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
octave-4.2.1-w64-installer.exe signed with revoked key
From: |
Petr Tobiška |
Subject: |
octave-4.2.1-w64-installer.exe signed with revoked key |
Date: |
Tue, 16 May 2017 16:51:21 +0200 |
To whom it may concern,
I would like to install octave on my windows machine, so I downloaded
octave-4.2.1-w64-installer.exe together with the corresponding
signature as well as gnu-keyring.gpg.
Signature verification is succesfull:
$ gpg --verify --keyring /d/home/gnupg/gnu-keyring.gpg
octave-4.2.1-w64-installer.exe.sig
gpg: assuming signed data in `octave-4.2.1-w64-installer.exe'
gpg: Signature made Fri, Feb 24, 2017 2:30:57 PM RST using DSA key ID 5D36644B
gpg: Good signature from "John W. Eaton <address@hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DBD9 C84E 39FE 1AAE 99F0 4446 B05F 05B7 5D36 644B
However, pgp.mit.edu as well as sks-keyservers.net report that the key
used for the signature was revoked nearly 3 years ago:
pub 1024R/5D36644B 2014-06-16 *** KEY REVOKED *** [not verified]
John W. Eaton <address@hidden>
This sounds suspiciously. Could you please correct it?
Thanks and best regards,
Petr Tobiska
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- octave-4.2.1-w64-installer.exe signed with revoked key,
Petr Tobiška <=