Re: New pkgsrc-security GPG key

To: pkgsrc-users%NetBSD.org@localhost, tech-pkg%NetBSD.org@localhost
Subject: Re: New pkgsrc-security GPG key
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Thu, 14 Dec 2023 09:22:37 +0100

On Wed, Dec 13, 2023 at 09:00:40AM +0100, Thomas Klausner wrote:
> Hi!
> 
> Like every year, I've just updated the pkgsrc-security GPG key.  You
> can find it in the wiki http://pkgsrc.org/pkgsrc-security_pgp_key.asc
> or on
> http://ftp.netbsd.org/pub/NetBSD/security/PGP/pkgsrc-security%40NetBSD.org.asc
> 
> and here's the fingerprint:
> 
> pub   4096R/AE992662 2023-12-10 [expires: 2025-01-03]
>       Key fingerprint = F3FF 2CC1 F2F9 B8EF FD71  559C 0A93 77FB AE99 2662
> uid                  pkgsrc Security Team <pkgsrc-security%NetBSD.org@localhost>
> uid                  pkgsrc Security Team <pkgsrc-security%pkgsrc.org@localhost>
> sub   4096R/4DCF3CE9 2023-12-10 [expires: 2025-01-03]

It was pointed out to me that gpg2 does not show signatures made by
gpg1 by default, since those use SHA1.

I've re-signed the key with gpg2 and updated it in all locations.

If you already imported the first version, you might have to delete it
before importing the new version, since gpg2 sees that there are gpg1
signatures, it just doesn't show them, and might be confused by double
signatures (one made with ggp1, one with gpg2) using the same key.

Cheers,
 Thomas

References:
- New pkgsrc-security GPG key
  - From: Thomas Klausner

Prev by Date: daily pkgsrc CVS update output
Next by Date: daily pkgsrc CVS update output
Previous by Thread: New pkgsrc-security GPG key
Indexes:

Home | Main Index | Thread Index | Old Index