On Sunday, 25 March 2018 at 04:01:28 UTC, Seb wrote:
gpg --verify --keyring ~/dlang/d-keyring.gpg
--no-default-keyring dmd.2.079.0.linux.tar.xz.sig
dmd.2.079.0.linux.tar.xz
Thanks, I guess this kinda works
I am now getting
gpg: Signature made Fri 02 Mar 2018 01:47:57 PM EST
gpg: using RSA key B273811612BB1939
gpg: Good signature from "Martin Nowak
<[email protected]>" [expired]
gpg: aka "Martin Nowak (dawg) <[email protected]>"
[expired]
gpg: aka "Martin Nowak <[email protected]>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: AFC7 DB45 693D 62BB 472B F27B AB8F
E924 C2F7 E724
Subkey fingerprint: A734 4DAD 3C34 1EA1 2D13 C4E6 B273
8116 12BB 1939
The command is a bit tricky, originally i kept trying the command
with only the keyring file name, which didnt work, it needed the
path
(Note: the individual keys in the keyring are currently expired
and we are working on rolling out a new keyring, but that
doesn't affect yverifying the existing signatures.)
while you are at it, also add a sha1 or a sh256 checksum, i think
it will work better to verify the download
