On Tue, May 14, 2013 at 12:55 AM, Shahar Roth <[email protected]> wrote:
> Hi Ole, Please use [email protected] for support (unless you want to hire me). > First, let me thank you for creating parallel. It's awesome :-) Thank you. If you like GNU Parallel: * Give a demo at your local user group/team/colleagues * Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists * Request or write a review for your favourite blog or magazine * Request or build a package for your favourite distribution (if it is not already there) * Invite me for your next conference If you use GNU Parallel for research: * Please cite GNU Parallel in you publications (use --bibtex) If GNU Parallel saves you money: * (Have your company) donate to FSF https://my.fsf.org/donate/ > I hope you can help me out with this question- > I'm trying to download the latest version and I'd like to verify the > signature. I couldn't find explicit instructions how to do that on the gnu > parallel site. > A search led me to an email thread where you linked to your public keys but > I get this when I try to add your key to a ring: > > $ gpg --no-default-keyring --keyring vendors.gpg --import key > gpg: key FFFFFFF1: public key "Ole Tange <[email protected]>" imported > gpg: Total number processed: 1 > gpg: imported: 1 This looks fine. You should be able to do: $ echo | gpg # To initialize $ gpg --auto-key-locate keyserver --keyserver-options auto-key-retrieve parallel-*.tar.bz2.sig gpg: Signature made Tue 14 May 2013 09:11:53 AM CEST using DSA key ID FFFFFFF1 gpg: requesting key FFFFFFF1 from hkp server keys.gnupg.net gpg: /home/parallel/.gnupg/trustdb.gpg: trustdb created gpg: key FFFFFFF1: public key "Ole Tange <[email protected]>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1 gpg: Good signature from "Ole Tange <[email protected]>" gpg: aka "[jpeg image of size 4006]" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: BE9C B493 81DE 3166 A3BC 66C1 2C62 29E2 FFFF FFF1 > gpg: public key of ultimately trusted key C29EEC93 not found > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model > gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u > > What is C29EEC93? This I do not know. A key with ultimate trust soulds like your own. Could it be that you have created a key, trusted it, and then removed the key again? > Could be helpful if the site contained easy to follow > instructions for verification. That is not a bad idea. I have put: To check the signature run: echo | gpg gpg --auto-key-locate keyserver --keyserver-options auto-key-retrieve parallel-*.tar.bz2.sig in the .sig file on ftp://alpha.gnu.org/gnu/parallel/ Please test that. > Thanks, > -Shahar /Ole
