Discussion:
[S3tools-general] Help verifying signature from the S3cmd download
Perry Engle
2015-10-11 13:16:42 UTC
Hello All -

I need to update my s3tools package from an old version, went to
Sourceforge, and noticed the .asc signature file with the newest
version, downloaded them, but I don't see instructions how to use the
signature file to verify the package.

Am I missing something, like the right set of instructions?

Thanks very much
Perry Engle

------------------------------------------------------------------------------
Matt Domsch
2015-10-11 15:19:49 UTC
I did the release and it is signed with my key.

Download both the .tar.gz and .tar.gz.asc files to the same directory. Then
to verify the results, the commands are:

gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 92F0FC09

gpg -v s3cmd-1.6.0.tar.gz.asc

It will then report a good signature.

gpg: armor header: Version: GnuPG v1
gpg: assuming signed data in `s3cmd-1.6.0.tar.gz'
gpg: Signature made Fri 18 Sep 2015 09:03:40 AM CDT using RSA key ID D1E3393D
gpg: using subkey D1E3393D instead of primary key 92F0FC09
gpg: using PGP trust model
gpg: aka "[jpeg image of size 5004]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 17A4 17D0 81F5 4B5F DB1C AEF8 21AB EEF7 92F0 FC09
Subkey fingerprint: 51CD D511 63A4 F939 3035 73BF DED9 FB9C D1E3 393D
gpg: binary signature, digest algorithm SHA256

The WARNING bit will be seen unless you have personally established a chain
of trust to my key. I've got only 212 signatures on my key, so it's likely
we won't be directly connected, but my key is trusted by keys in the
"strong set", so hopefully you'll have a path through there to trust my
signature.
------------------------------------------------------------------------------
_______________________________________________
S3tools-general mailing list
https://lists.sourceforge.net/lists/listinfo/s3tools-general
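
An added example, not part of the original thread or the s3cmd project: a scripted form of the check above that gates on the full primary key fingerprint printed in the gpg output rather than on the 8-digit key ID, using gpg's machine-readable `--status-fd` lines. The function names are hypothetical, and the sample status line is constructed from the fingerprints quoted above.

```shell
#!/bin/sh
# Primary key fingerprint as printed in the gpg output above (spaces removed).
PINNED_FPR="17A417D081F54B5FDB1CAEF821ABEEF792F0FC09"

# Constructed sample of a gpg status line for a good signature: signing
# subkey fingerprint first, primary key fingerprint as the last field.
SAMPLE_STATUS='[GNUPG:] VALIDSIG 51CDD51163A4F939303573BFDED9FB9CD1E3393D 2015-09-18 1442585020 0 4 0 1 8 00 17A417D081F54B5FDB1CAEF821ABEEF792F0FC09'

# normalize_fpr FPR: strip spaces and upper-case, so the spaced form works too.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# check_status FPR: read gpg --status-fd lines on stdin. Succeeds only if a
# VALIDSIG line names FPR as the primary key and no line reports a bad
# signature, an expired signature, or an expired or revoked key.
check_status() {
    want=$(normalize_fpr "$1")
    # Require a full 40-hex-digit fingerprint; short key IDs are refused.
    case "$want" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" && NF >= 12 && $NF == want { ok = 1 }
        $2 == "BADSIG" || $2 == "EXPSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# verify_release SIGFILE DATAFILE: run gpg and apply the check. If gpg fails
# or prints no VALIDSIG line, check_status fails, so the result is fail-closed.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$PINNED_FPR"
}

# Example use, after the key has been imported as shown above:
#   verify_release s3cmd-1.6.0.tar.gz.asc s3cmd-1.6.0.tar.gz && echo verified
```

This confirms which key made the signature; whether that fingerprint really belongs to the release signer still has to be established separately, which is the trust question the WARNING lines refer to.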
Perry Engle
2015-10-12 23:36:05 UTC
Thanks Matt - It works fine.

Now I have a bunch more commands to learn.

Perry