"Nelson H. F. Beebe" <[EMAIL PROTECTED]> writes: > The new version of bison in > > ftp://alpha.gnu.org/gnu/bison/bison-2.0b.tar.gz* > > has a digital signature file with key 0xB5C4CE13, but that key is not > registered at four major public key servers > > http://math-www.uni-paderborn.de/pgp/ > http://pgp.zdv.uni-mainz.de/keyserver/pks-commands.html#extract > http://www.cl.cam.ac.uk/PGP/pks-commands.html#extract > http://pgp.mit.edu/ > > that I checked, nor is it in today's GNU keyring at > > ftp://ftp.gnu.org/gnu/gnu-keyring.gpg > > If the signing key is legitimate, can it please be registered so that > installers can have some confidence that the distribution is not > forged?
Thanks for reporting this. You can find that GPG key here: http://savannah.gnu.org/people/viewgpg.php?user_id=225 and just now I added it to pgp.mit.edu and asked that gnu-keyring.gpg be updated.
