10:36 a.m.
While the key is available on public GPG key servers, having it locally
at https://libvirt.org/sources/gpg_key.asc is even better.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
docs/downloads.html.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/downloads.html.in b/docs/downloads.html.in
index ca14b3ecba..90a0cf7717 100644
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -608,7 +608,9 @@ git clone git://libvirt.org/[module name].git</pre>
on this project site are signed with a GPG signature. You should always
verify the package signature before using the source to compile binary
packages. The following key is currently used to generate the GPG
- signatures:
+ signatures and it can be
+ <a
href="https://libvirt.org/sources/gpg_key.asc">downloaded<... from
this
+ site or from public GPG key servers:
</p>
<pre>
pub 4096R/10084C9C 2020-07-20 Jiří Denemark &lt;jdenemar(a)redhat.com&gt;
--
2.31.1
12:47 p.m.
On Thu, 2021-04-01 at 17:36 +0200, Jiri Denemark wrote:
While the key is available on public GPG key servers, having it
locally
at https://libvirt.org/sources/gpg_key.asc is even better.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
docs/downloads.html.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
I love the idea, but I would like to suggest a slightly alternative
implementation of it:
diff --git a/docs/downloads.html.in b/docs/downloads.html.in
index ca14b3ecba..0187062cef 100644
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -615,6 +615,12 @@ pub 4096R/10084C9C 2020-07-20 Jiří Denemark
&lt;jdenemar(a)redhat.com&gt;
Fingerprint=453B 6531 0595 5628 5547 1199 CA68 BE80 1008 4C9C
</pre>
+ <p>
+ It can be downloaded from
+ <a href="https://libvirt.org/sources/gpg_key.asc">this
site</a> or from
+ public GPG key servers.
+ </p>
+
<p>
Releases prior to libvirt-6.6 were signed with the following GPG key:
</p>
What do you think?
--
Andrea Bolognani / Red Hat / Virtualization
1:18 p.m.
On a Thursday in 2021, Jiri Denemark wrote:
While the key is available on public GPG key servers, having it
locally
at https://libvirt.org/sources/gpg_key.asc is even better.
I don't remember where but I think someone was trying to find the
key used to sign libvirt-glib. Also, Pavel uses his key to sign
libvirt-dbus releases.
We could reflect that in the naming scheme to put their keys there too.
Or put all the keys in gpg_keys.asc, like GnuPG does:
https://gnupg.org/signature_key.html
I also noticed that we have empty folders there (csharp, go, ruby, rust) and that
the 'old' release folder was not "updated" in a while.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
docs/downloads.html.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/downloads.html.in b/docs/downloads.html.in
index ca14b3ecba..90a0cf7717 100644
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -608,7 +608,9 @@ git clone git://libvirt.org/[module name].git</pre>
on this project site are signed with a GPG signature. You should always
verify the package signature before using the source to compile binary
packages. The following key is currently used to generate the GPG
- signatures:
+ signatures and it can be
+ <a
href="https://libvirt.org/sources/gpg_key.asc">downloaded<... from
this
+ site or from public GPG key servers:
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano
</p>
<pre>
pub 4096R/10084C9C 2020-07-20 Jiří Denemark &lt;jdenemar(a)redhat.com&gt;
--
2.31.1
5:08 a.m.
On Thu, Apr 01, 2021 at 20:18:33 +0200, Ján Tomko wrote:
On a Thursday in 2021, Jiri Denemark wrote:
>While the key is available on public GPG key servers, having it locally
>at https://libvirt.org/sources/gpg_key.asc is even better.
>
Oops, I completely forgot I have this patch in queue :-)
I don't remember where but I think someone was trying to find
the
key used to sign libvirt-glib. Also, Pavel uses his key to sign
libvirt-dbus releases.
I guess such keys could be stored in the subdirectories associated with
these projects.
Jirka
1323
days inactive
1331
days old
3 comments
3 participants
participants (3)
-
Andrea Bolognani -
Jiri Denemark -
Ján Tomko