Re: GPG public keys

2015-12-09 Thread Jamie Evans
Thanks, Junio, for the tutorial! I had tried to lookup the key, but failed to put the ‘0x’ at the head. I was actually verifying the signature on a tarball release. Just curious, how do I know the key in the database really belongs to you? It’s has your name and email, but what’s to keep

Re: GPG public keys

2015-12-09 Thread Jeff King
On Wed, Dec 09, 2015 at 09:03:47AM -0800, Jamie Evans wrote: > Thanks, Junio, for the tutorial! I had tried to lookup the key, but > failed to put the ‘0x’ at the head. An easier way to get keys is just: $ gpg --recv-keys 96AFE6CB gpg: requesting key 96AFE6CB from hkp server keys.gnupg.net

Re: GPG public keys

2015-12-09 Thread Stefan Beller
On Wed, Dec 9, 2015 at 2:04 PM, Jeff King wrote: > > Of course you can't just fetch the v1.7.1.4 tag _now_, because the same > person impersonating the most recent tag could also be impersonating > (and back-dating) the older tags. But you could fetch it now, store it > somewhere

Re: GPG public keys

2015-12-09 Thread Jeff King
On Wed, Dec 09, 2015 at 02:24:17PM -0800, Stefan Beller wrote: > On Wed, Dec 9, 2015 at 2:04 PM, Jeff King wrote: > > > > Of course you can't just fetch the v1.7.1.4 tag _now_, because the same > > person impersonating the most recent tag could also be impersonating > > (and

Re: GPG public keys

2015-12-09 Thread brian m. carlson
On Wed, Dec 09, 2015 at 05:43:36PM -0500, Jeff King wrote: > On Wed, Dec 09, 2015 at 02:24:17PM -0800, Stefan Beller wrote: > > > On Wed, Dec 9, 2015 at 2:04 PM, Jeff King wrote: > > > > > > Of course you can't just fetch the v1.7.1.4 tag _now_, because the same > > > person

GPG public keys

2015-12-08 Thread Jamie Evans
Hello, Can you please point me to the public GPG keys used for source code signing? Thanks, Jamie -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: GPG public keys

2015-12-08 Thread Junio C Hamano
Jamie Evans writes: > Can you please point me to the public GPG keys used for source code signing? I suspect that you are asking about our project, but instead of throwing you a fish, I'll show you how to catch one yourself. In a copy of linux kernel repository I have