octave-4.2.1-w64-installer.exe signed with revoked key

octave-maintainers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

octave-4.2.1-w64-installer.exe signed with revoked key

From:	Petr Tobiška
Subject:	octave-4.2.1-w64-installer.exe signed with revoked key
Date:	Tue, 16 May 2017 16:51:21 +0200

To whom it may concern,

I would like to install octave on my windows machine, so I downloaded
octave-4.2.1-w64-installer.exe together with the corresponding
signature as well as gnu-keyring.gpg.

Signature verification is succesfull:
$  gpg --verify --keyring /d/home/gnupg/gnu-keyring.gpg
octave-4.2.1-w64-installer.exe.sig
gpg: assuming signed data in `octave-4.2.1-w64-installer.exe'
gpg: Signature made Fri, Feb 24, 2017  2:30:57 PM RST using DSA key ID 5D36644B
gpg: Good signature from "John W. Eaton <address@hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: DBD9 C84E 39FE 1AAE 99F0  4446 B05F 05B7 5D36 644B

However, pgp.mit.edu as well as sks-keyservers.net report that the key
used for the signature was revoked nearly 3 years ago:

pub  1024R/5D36644B 2014-06-16 *** KEY REVOKED *** [not verified]
                               John W. Eaton <address@hidden>

This sounds suspiciously. Could you please correct it?

Thanks and best regards,

Petr Tobiska

[Prev in Thread]

Current Thread

[Next in Thread]

octave-4.2.1-w64-installer.exe signed with revoked key, Petr Tobiška <=

Prev by Date: Re: Compiling from source "The right way"
Next by Date: Failed with output: Hydra job gnu:octave-default:tarball on x86_64-linux
Previous by thread: Compiling from source "The right way"
Next by thread: RPM based distribution support from Octave Forge
Index(es):
- Date
- Thread