* Message by -Raymond Toy- from Sun 2010-03-14: > On 3/14/10 7:20 AM, Lasse Kliemann wrote: > > * Message by -Raymond Toy- from Sat 2010-03-13: > > > >> On 3/13/10 9:17 PM, Lasse Kliemann wrote: > >> > >>> Can someone please point me to OpenPGP key 0xB4900DBC? > >>> > >>> It was used to sign the 20a release, but I haven't found it > >>> anywhere. It seems to be on no keyserver. > >>> > >>> > >> Is this for the FreeBSD binaries? > >> > > It is (at least) for Linux and Solaris binaries and for the > > source code, i.e., these files: > > > > cmucl-20a-x86-linux.tar.bz2 > > cmucl-20a-sparcv9-solaris8.tar.bz2 > > cmucl-src-20a.tar.bz2 > > > Hmm. I made those binaries. I guess I never uploaded the key anywhere, > and, unfortunately, I no longer have access to the machine that I used > to sign these. I thought I saved those keys to my current machine but > it seems that I didn't.
Now you know that I'm the only user that cares about signatures. :-) I know that it's an "approximate security" thing anyway. But at least I can gain statements like: "Release n was signed by the same authority that signed release n-1, and release n-1 did not look manipulated to me after using it for some time." > If you are concerned about these, I can generate new binaries and > signatures for these files. It will take some time to do, though. So you don't have "master copies" of those files around? We could just compare checksums then: e88dd79bdecf17c2670f5b7aa430cc0414acfde2 cmucl-20a-sparcv9-solaris8.tar.bz2 f9b3141f9298abe1f69cbb88938ff96a12445eb6 cmucl-20a-x86-linux.tar.bz2 4381905b212678f7953920abb49bf24e822d1ace cmucl-src-20a.tar.bz2 Otherwise, if you say that you don't see any indication that those files have been manipulated, that would suffice as well. Thank you! -- Attached file included as plaintext by Listar -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQIcBAEBAgAGBQJLnPRTAAoJEFYll6N4nhdvissQALDxgpsiPpoBIQJfUUU9plAa ZkJcpn3s9TSNfMAvLf2cQUNMbtt3IXpk42eIQq2sgZnPAnGoj2pUh2cH7nEarrmb 1z10wk8mMgpaU1abP96t0cUDo6+0A6ZbNQl/qMBJFAFHMMdHMgoWt5WyU2jsKub2 AykoxKCIqIGuw1H8pYmpN80Sbov20cVWF4/yI4d+h6sOOUC+u2LRGxX5OxlYF036 oqWzUsQ4WGT5bFgv4nc8Ipk3hJYwvjN7Ca5HUqJKyXCskH445DpEf+584SnsOzbf hK47nH51+Ot/Fk0JEz7ZQqo+285NoXwwrooWKlWqG1FIrCbiMNwZGxkL+LGQlfxj JhXFCKKhBXSi4bh9qLFS6g+PEOwZifxIAmICfDcFdKM/JWM8kvaCJ+NWvrkCIXul u+JftlUxInOurkEP65wOUFa/ZAb4Y1yGDHM3F2A7fXqMerHgHDN274sBo/rRXZa5 U0ptatOMFrAOK0ez+Ci/+xiRq+2/w8pjcbqDYOdPnDTIfF/5aPK42CTwBIGhT8X+ ixU+kurzHSvG85Z33UpOc5AuxNz4FD4/3GtO970vpc3Xd3WgJJSAG7i1RQ/fDSnw rT4kw0nKdsV7J0rA0Nx6y+XLRj2rDbRaY1iPdR3f4ltr4xcBOPSh0zWHGSGeOjSV a21M9u7xlr43KDElgr7e =3ON8 -----END PGP SIGNATURE-----
