On Wed, Jul 25, 2018 at 05:49:09AM +0200, Kurt Roeckx wrote: > On Sat, Jul 21, 2018 at 03:49:14PM -0500, Gunnar Wolf wrote: > > As we all finish packing our bags for Taiwan, several people have > > asked me what about the KSP list we are supposed to > > _print_at_home_. So, I took some time out of packing, and decided to > > finalize the needed bits to have this in working order! > > > > So, we have the final v1.0 list for the DebConf18 Continuous Key > > Signing Party! Please find it here: > > > > https://people.debian.org/~gwolf/ksp-dc18/ksp-dc18.txt > > > > If you want to ensure the file came from me, you can check the > > clear-signed version: > > > > https://people.debian.org/~gwolf/ksp-dc18/ksp-dc18.txt.asc > > This file really isn't usable, it's not a detached signature. It > can not be used to verify ksp-dc18.txt. > > When verifying it, you get: > $ gpg --verify ksp-dc18.txt.asc > gpg: Signature made Tue 24 Jul 2018 02:08:48 AM CEST > gpg: using RSA key AB41C1C68AFD668CA045EBF8673A03E4C1DB921F > gpg: Good signature from "Gunnar Eyal Wolf Iszaevich <[email protected]>" > [full] > gpg: aka "Gunnar Eyal Wolf Iszaevich <[email protected]>" [full] > gpg: aka "Gunnar Eyal Wolf Iszaevich (Instituto de > Investigaciones Económicas UNAM) <[email protected]>" [full] > gpg: WARNING: not a detached signature; file 'ksp-dc18.txt' was NOT verified! > > $ gpg --verify ksp-dc18.txt.asc ksp-dc18.txt > gpg: not a detached signature > > We need to verify the ksp-dc18.txt file, that's the file we'll all > compute the SHA256 for.
Download the .txt.sha256 and the .txt.sha256.asc and verify that; and then check that SHA256 in there matches the file and the shared SHA256. -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
