Duplicity

A key used to sign downloads

Asked by faultybit

I'm trying to verify the signature of duplicity-0.6.23.tar.gz and I have some difficulties with finding the key used to sign that archive. Which key are you using to sign the official downloads?

Thanks in advance.

Question information

Language:
English Edit question
Status:
Solved
For:
Duplicity Edit question
Assignee:
No assignee Edit question
Solved by:
Kenneth Loafman
Solved:
Last query:
Last reply:
Revision history for this message
edso (ed.so) said : 		#1

on the launchpad download page
 https://code.launchpad.net/duplicity/0.6-series/0.6.23
is a link "(How do I verify a download?)"
 https://code.launchpad.net/+help-registry/verify-downloads.html
describing howto and where to get the key. try that.

..ede/duply.net

On 03.04.2014 17:21, faultybit wrote:
> New question #246468 on Duplicity:
> https://answers.launchpad.net/duplicity/+question/246468
>
> I'm trying to verify the signature of duplicity-0.6.23.tar.gz and I have some difficulties with finding the key used to sign that archive. Which key are you using to sign the official downloads?
>
> Thanks in advance.
>
>

Revision history for this message
faultybit (faultybit) said : 		#2

It does not work unfortunately.

Here's the output:
$ gpg --verify duplicity-0.6.23.tar.gz.sig
gpg: Signature made Fri, Jan 24, 2014 1:52:19 PM CET using DSA key ID E654E600
gpg: Can't check signature: public key not found

$ gpg --recv-keys E654E600
gpg: requesting key E654E600 from hkp server keys.gnupg.net
gpgkeys: key E654E600 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

I'm using cygwin.

Thanks in advance.

Revision history for this message
Best Kenneth Loafman (kenneth-loafman) said : 		#3

OK. Key pushed to keys.pgp.net.

On Thu, Apr 3, 2014 at 12:26 PM, faultybit <
<email address hidden>> wrote:

> Question #246468 on Duplicity changed:
> https://answers.launchpad.net/duplicity/+question/246468
>
> Linked to bug: #881716
> https://bugs.launchpad.net/bugs/881716
> "GPG package signing key is not published"
>
> --
> You received this question notification because you are a member of
> duplicity-team, which is an answer contact for Duplicity.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~duplicity-team
> Post to : <email address hidden>
> Unsubscribe : https://launchpad.net/~duplicity-team
> More help : https://help.launchpad.net/ListHelp
>

Revision history for this message
faultybit (faultybit) said : 		#4

Thanks Kenneth Loafman, that solved my question.