[LLVMbugs] [Bug 10294] New: Release tarballs are signed with a key that is nowhere to be found

bugzilla-daemon Thu, 07 Jul 2011 05:19:07 -0700

http://llvm.org/bugs/show_bug.cgi?id=10294


           Summary: Release tarballs are signed with a key that is nowhere
                    to be found
           Product: Website
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: General Website
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]


To reproduce:

1. Download http://llvm.org/releases/2.9/llvm-2.9.tgz
2. Download http://llvm.org/releases/2.9/llvm-2.9.tgz.sig
3. Run gpg --verify llvm-2.9.tgz.sig
[gpg indicates key E95C63DC is unknown]
4. Run gpg --recv-key E95C63DC
[gpg indicates the key cannot be found on the public keyserver]
5. Google for E95C63DC
[cannot find the key with Google either]

Actual result:

The key used to sign llvm-2.9.tgz is nowhere to be found. Hence the signature
cannot be verified. Hence the .sig files are rather useless.

Expected result:

The key should be available on the public keyservers and/or on the LLVM
website.

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
_______________________________________________
LLVMbugs mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/llvmbugs

[LLVMbugs] [Bug 10294] New: Release tarballs are signed with a key that is nowhere to be found

Reply via email to