On Sun, Apr 10, 2022 at 2:22 PM Daniel Shahaf <d...@daniel.shahaf.name> wrote: > > Mark Phippard wrote on Sun, 10 Apr 2022 16:30 +00:00: > > Looking at past release announcements, they include a section on who > > signed the release that looks like this: > > > > Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint: > > 8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973 > > Branko Čibej [4096R/1BCA6586A347943F] with fingerprint: > > BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F > > Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint: > > 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD > > > > I am kind of at a loss for how to produce this information. Assuming > > those three used the same keys as in the past, I would need to know > > what this should like for: > > > > me > > Nathan > > Julian > > > > ... and possibly Daniel Sahlberg if he sends in a signature. Our KEYS > > file only includes the fingerprint. > > Our KEYS file includes the actual keys: it can be piped to > «GNUPGHOME=$(mktemp -d) gpg --import» in order to verify signatures made > by those keys. It's the release announcement that includes just the > fingerprints.
Sorry my message was not clear. Julian's answer was more what I was asking. All I meant by the reference to the KEYS file is that the data it contains, as compared to what we inlcude in our email, only includes the key fingerprint. So I was wondering how, using the gpg command. I can get the other elements we include .. such as: Stefan Sperling [2048R/4F7DBAA99A59B973] A problem I am having is with my key. I have to run the write-announcement in my Docker image but that has an old version of GPG that does not know what to do with my key. Mark
