Hi, On Fri, Feb 25, 2022 at 02:42:28PM -0500, Frank Ch. Eigler via Elfutils-devel wrote: > > Could you please point me toward the PGP/GPG public keys necessary to > > validate the elfutils release tarballs against their .sig files? > > Try these: > > https://sourceware.org/elfutils/ftp/gpgkey-1AA44BE649DE760A.gpg > https://sourceware.org/elfutils/ftp/gpgkey-5C1D1AA44BE649DE760A.gpg
There is also the GPG-KEY file inside the tar.gz dists (obviously then you have to unpack the tarbal first to get at that before you can check it...) But you can also get it from git: https://sourceware.org/git/?p=elfutils.git;a=blob_plain;f=GPG-KEY;hb=HEAD Cheers, Mark
