On Sun, Apr 10, 2022 at 2:22 PM Daniel Shahaf <d...@daniel.shahaf.name> wrote:
>
> Mark Phippard wrote on Sun, 10 Apr 2022 16:30 +00:00:
> > Looking at past release announcements, they include a section on who
> > signed the release that looks like this:
> >
> >    Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint:
> >     8BC4 DAE0 C5A4 D65F 4044  0107 4F7D BAA9 9A59 B973
> >    Branko Čibej [4096R/1BCA6586A347943F] with fingerprint:
> >     BA3C 15B1 337C F0FB 222B  D41A 1BCA 6586 A347 943F
> >    Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint:
> >     8AA2 C10E EAAD 44F9 6972  7AEA B59C E6D6 010C 8AAD
> >
> > I am kind of at a loss for how to produce this information. Assuming
> > those three used the same keys as in the past, I would need to know
> > what this should like for:
> >
> > me
> > Nathan
> > Julian
> >
> > ... and possibly Daniel Sahlberg if he sends in a signature.  Our KEYS
> > file only includes the fingerprint.
>
> Our KEYS file includes the actual keys: it can be piped to
> «GNUPGHOME=$(mktemp -d) gpg --import» in order to verify signatures made
> by those keys.  It's the release announcement that includes just the
> fingerprints.

Sorry my message was not clear. Julian's answer was more what I was
asking. All I meant by the reference to the KEYS file is that the data
it contains, as compared to what we inlcude in our email, only
includes the key fingerprint. So I was wondering how, using the gpg
command. I can get the other elements we include .. such as: Stefan
Sperling [2048R/4F7DBAA99A59B973]

A problem I am having is with my key. I have to run the
write-announcement in my Docker image but that has an old version of
GPG that does not know what to do with my key.

Mark

Reply via email to