Thanks for the note! I'm not sure what to do about this, since I don't
use the "asdf/tools" myself. I never figured out how to debug the lisp
scripts there, so I have stuck to the old code that is based on bash and
make.
That looks like code that is probably related to the creation of Debian
packages for ASDF. No one has been doing that for years. I should
probably prune the code for doing that....
Best,
R
On 22 Dec 2021, at 10:54, Attila Lendvai wrote:
Robert,
i have this local diff:
- (error "Please export variable DEBSIGN_KEYID to be the 8-hex hash of
your GnuPG secret key")))
+ (error "Please export variable DEBSIGN_KEYID to be the 16+ digit
hexadecimal hash of your GnuPG secret key")))
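Review bot: the reworded error string on the `+` line asks for a 16+ digit value, but nothing visible in this hunk checks the length of DEBSIGN_KEYID, so an 8-digit short ID that is already exported would presumably still pass whatever condition guards this error. Consider having that condition also reject values shorter than 16 hex digits. Consider also wording the message as "the long key ID (16 hex digits) or full fingerprint" rather than "hash", since that is what the user is being asked to supply.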
there's an ongoing attack against PGP keys where a white hat hacker is
brute-forcing the published keys to generate keys that have the same
hash/fingerprint, or at least the last 8 digits.
luckily they also publish a revocation certificate for these fake
keys, but i recommend using longer than 8 digit fingerprints when
identifying PGP keys.
just a heads-up, probably not very urgent/relevant.
- attila
PGP: 5D5F 45C7 DFCD 0A39
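
The recommendation in the message above, sketched as a shell check. This is an added example, not part of the thread and not ASDF's code. It rejects 8-digit short key IDs before a value such as DEBSIGN_KEYID is used. The function name `check_keyid` and the exit-code convention are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a GnuPG key identifier by its length so that
# collision-prone 8-hex-digit short IDs are refused.
# check_keyid is a hypothetical helper, not part of ASDF or GnuPG.
#
# Prints one word and returns:
#   0  "long-id" (16 hex digits), "fingerprint" (40 hex digits),
#      or "other-long" (any other length of 16 or more, matching "16+")
#   1  "short-id"  (exactly 8 hex digits)
#   2  "malformed" (empty, non-hex, or fewer than 16 digits)
check_keyid() {
    # Fingerprints are often printed in space-separated groups.
    id=$(printf '%s' "$1" | tr -d ' ')

    # Drop an optional 0x / 0X prefix.
    case $id in
        0x*|0X*) id=${id#??} ;;
    esac

    # Anything empty or containing a non-hex character is not a key ID.
    case $id in
        ''|*[!0-9A-Fa-f]*) echo "malformed"; return 2 ;;
    esac

    case ${#id} in
        8)  echo "short-id";    return 1 ;;
        16) echo "long-id";     return 0 ;;
        40) echo "fingerprint"; return 0 ;;
    esac

    if [ "${#id}" -gt 16 ]; then
        echo "other-long"; return 0
    fi
    echo "malformed"; return 2
}
```

A caller would run `check_keyid "$DEBSIGN_KEYID" >/dev/null || exit 1` before invoking the signing step.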