bzr Signature Key

Asked by Alex Alvarez

When you click the "How do I verify a download?" link at the top of the bzr download webpage (https://launchpad.net/bzr/+download), it directs you to use the "2F9532C8" key ID, but when you download signature files for bzr versions 2.5b4 or 2.4.2, for example, it seems to have been signed with key ID "DEF6218F". Could you verify and update things accordingly?

Thanks!

Question information

Language:
English
Status:
Answered
For:
Launchpad itself
Assignee:
No assignee
Whiteboard:
Reassigning to Launchpad - it's the generic help text on Launchpad about verifying signatures that the user is asking about.

Jelmer Vernooij (jelmer) said :
#1

The text in "How do I verify a download?" talks about examples on verifying signatures. The key ids there aren't the actual keys that were used for the particular project you're downloading and verifying.

Alex Alvarez (eajam) said :
#2

Thanks for your response! Now, is there a page within Launchpad where the key ID for the right person(s) that are supposed to sign the Bzr packages is identified? You can certainly use gpg to identify who signed it and then find the public key through a PGP repository, but that does not mean that the right person signed it, which is the whole point of the exercise. Thanks!

Max Bowsher (maxb) said :
#3

No, Launchpad does not track official signers for projects.
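
An added example, not part of the original thread and not Launchpad or bzr code: since a good signature only proves that some key signed the file, this sketch accepts a download only when gpg's machine-readable status output names a fingerprint you pinned in advance from a source you trust. The sample status lines, fingerprints and the `check_signer` helper are constructed for illustration.

```python
import re

# Constructed sample of `gpg --status-fd 1 --verify FILE.sig FILE` output.
# Fingerprints and user ID are made up for illustration.
SAMPLE = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2012-01-01 1325376000 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED
"""

STATUS = re.compile(r"^\[GNUPG:\] (\w+)(?: (.*))?$")
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def check_signer(status_output, pinned_fprs):
    """Return (ok, reason). ok is True only when gpg reported a valid
    signature AND its primary-key fingerprint is one that was pinned."""
    pinned = {f.replace(" ", "").upper() for f in pinned_fprs}
    valid = []
    for line in status_output.splitlines():
        m = STATUS.match(line.strip())
        if not m:
            continue  # ignore human-readable gpg output
        keyword, args = m.group(1), (m.group(2) or "").split()
        if keyword in FAILURES:
            return False, f"gpg reported {keyword}"
        if keyword == "VALIDSIG" and args:
            # Field 10 is the primary key fingerprint (differs from the
            # first field when a subkey signed); fall back to field 1.
            primary = args[9] if len(args) >= 10 else args[0]
            valid.append(primary.upper())
    if not valid:
        return False, "no valid signature"
    unknown = [f for f in valid if f not in pinned]
    if unknown:
        return False, f"valid signature from unpinned key {unknown[0]}"
    return True, f"signed by pinned key {valid[0]}"

if __name__ == "__main__":
    # Pinned fingerprint obtained out of band (constructed value here).
    pinned = {"0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"}
    print(check_signer(SAMPLE, pinned))
```

Comparing full fingerprints rather than 8-character key IDs like the ones quoted in the question matters, because short key IDs are not unique.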
