Re: [libvirt PATCH] downloads.html: Add a link to GPG key used signing releases

2021-04-09 Thread Jiri Denemark
On Thu, Apr 01, 2021 at 20:18:33 +0200, Ján Tomko wrote:
> On a Thursday in 2021, Jiri Denemark wrote:
> >While the key is available on public GPG key servers, having it locally
> >at https://libvirt.org/sources/gpg_key.asc is even better.
> >

Oops, I completely forgot I have this patch in queue :-)

> I don't remember where but I think someone was trying to find the
> key used to sign libvirt-glib. Also, Pavel uses his key to sign
> libvirt-dbus releases.

I guess such keys could be stored in the subdirectories associated with
these projects.

Jirka



Re: [libvirt PATCH] downloads.html: Add a link to GPG key used signing releases

2021-04-01 Thread Ján Tomko

On a Thursday in 2021, Jiri Denemark wrote:

While the key is available on public GPG key servers, having it locally
at https://libvirt.org/sources/gpg_key.asc is even better.



I don't remember where but I think someone was trying to find the
key used to sign libvirt-glib. Also, Pavel uses his key to sign
libvirt-dbus releases.

We could reflect that in the naming scheme to put their keys there too.
Or put all the keys in gpg_keys.asc, like GnuPG does:
https://gnupg.org/signature_key.html

I also noticed that we have empty folders there (csharp, go, ruby, rust) and that
the 'old' release folder was not "updated" in a while.


Signed-off-by: Jiri Denemark 
---
docs/downloads.html.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/downloads.html.in b/docs/downloads.html.in
index ca14b3ecba..90a0cf7717 100644
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -608,7 +608,9 @@ git clone git://libvirt.org/[module name].git
  on this project site are signed with a GPG signature. You should always
  verify the package signature before using the source to compile binary
  packages. The following key is currently used to generate the GPG
-  signatures:
+  signatures and it can be
+  https://libvirt.org/sources/gpg_key.asc;>downloaded from 
this
+  site or from public GPG key servers:

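Review bot: the clause added on the `+` lines is wedged between "The following key is currently used to generate the GPG signatures" and the colon that introduces the key listing, so the lead-in sentence becomes long and the link ends up in the middle of it. Keeping the original "signatures:" line and putting the download location in a sentence of its own next to the key listing would leave the listing directly under its introduction.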

Reviewed-by: Ján Tomko 

Jano




pub  4096R/10084C9C 2020-07-20 Jiří Denemark jdene...@redhat.com
--
2.31.1





Re: [libvirt PATCH] downloads.html: Add a link to GPG key used signing releases

2021-04-01 Thread Andrea Bolognani
On Thu, 2021-04-01 at 17:36 +0200, Jiri Denemark wrote:
> While the key is available on public GPG key servers, having it locally
> at https://libvirt.org/sources/gpg_key.asc is even better.
> 
> Signed-off-by: Jiri Denemark 
> ---
>  docs/downloads.html.in | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

I love the idea, but I would like to suggest a slightly alternative
implementation of it:

diff --git a/docs/downloads.html.in b/docs/downloads.html.in
index ca14b3ecba..0187062cef 100644
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -615,6 +615,12 @@ pub  4096R/10084C9C 2020-07-20 Jiří Denemark 
jdene...@redhat.com
 Fingerprint=453B 6531 0595 5628 5547  1199 CA68 BE80 1008 4C9C
 

+
+  It can be downloaded from
+  https://libvirt.org/sources/gpg_key.asc;>this site or from
+  public GPG key servers.
+
+
 
   Releases prior to libvirt-6.6 were signed with the following GPG key:
 
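Review bot: in the added paragraph, "It can be downloaded from" has no explicit antecedent, and the paragraph sits between the listing for the current key and the context line "Releases prior to libvirt-6.6 were signed with the following GPG key:". Starting with "The current key can be downloaded from" (or stating that gpg_key.asc also contains the older key, if it does) would tell a reader verifying an older release whether this file is the one they need.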

What do you think?

-- 
Andrea Bolognani / Red Hat / Virtualization



[libvirt PATCH] downloads.html: Add a link to GPG key used signing releases

2021-04-01 Thread Jiri Denemark
While the key is available on public GPG key servers, having it locally
at https://libvirt.org/sources/gpg_key.asc is even better.

Signed-off-by: Jiri Denemark 
---
 docs/downloads.html.in | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/downloads.html.in b/docs/downloads.html.in
index ca14b3ecba..90a0cf7717 100644
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -608,7 +608,9 @@ git clone git://libvirt.org/[module name].git
   on this project site are signed with a GPG signature. You should always
   verify the package signature before using the source to compile binary
   packages. The following key is currently used to generate the GPG
-  signatures:
+  signatures and it can be
+  https://libvirt.org/sources/gpg_key.asc;>downloaded from 
this
+  site or from public GPG key servers:
 
 
 pub  4096R/10084C9C 2020-07-20 Jiří Denemark jdene...@redhat.com
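Review bot: the `+` lines present "this site" and the public key servers as interchangeable sources, but gpg_key.asc is served from the same site that, per the context line above, hosts the signed packages, so a key fetched here gives no check that is independent of the site itself. Suggest adding a sentence asking readers to confirm the full fingerprint of the imported key against a second source such as the key servers, rather than relying on the short ID 10084C9C shown on the pub line.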
-- 
2.31.1