Am Montag, 12. Dezember 2016, 10:46:41 CET schrieb François Patte: > Bonjour, > > I try to verify my download of darktable-2.0.7 with gpg.
Very nice, I wonder how many people actually do that. :-) > I downloaded thez .asc file together the xz file. But I can't import the > .asc in my keyring: "no public key found" is the answer to > > gpg2 --import darktable*.asc > > same answer with > > gpg2 --verify > > > What to do? Those .asc files are just the signatures. First you need to grab the actual public key from a key server. The fingerprint is C4CB C150 6999 56E2 A326 8EF5 BB5C C829 5B17 79C9 You can verify the key you get by: - checking that it's signed with the key that also signed this mail - going to our IRC channel and comparing the fingerprint to the one in the channel topic - Going to https://www.darktable.org/contact/ and looking for the fingerprint there. To actually get the key, run gpg --keyserver pgp.mit.edu --recv C4CBC150699956E2A3268EF5BB5CC8295B1779C9 > Thank you. Tobias
signature.asc
Description: This is a digitally signed message part.
