On 19/05/2017 17:50, David Sommerseth wrote: > On 19/05/17 16:28, Jonathan K. Bullard wrote: >> When I try to verify the signature on openvpn-2.3.16.tar.gz (using >> openvpn-2.3.16.tar.gz.asc) from the "Downloads" page [1], I get the >> following: >> >> gpg: assuming signed data in `XXX/openvpn-2.3.16.tar.gz' >> gpg: Signature made Thu May 18 16:56:48 2017 EDT using RSA key ID >> 8CC2B034 >> gpg: Can't check signature: public key not found >> >> The signatures on openvpn-2.3.15.tar.gz (downloaded last week) and on >> openvpn-2.4.2.tar.gz both verify fine. >> >> I think this is because Samuli's new key's ID is not 8CC2B034, it is >> 40864578 (if I understand correctly what is meant by "ID".) > > Samuli have an old key (0x198D22A3, RSA-1024) and a new key (0x40864578, > RSA-2048). He have switched to the new key and prefers to use that one. > > We decided just a few days ago that we will switch to use the > secur...@openvpn.net key for signing the officially released tarballs. > > >> Is 8CC2B034 the "Security mailing list GPGP key" on the "GnuPG Public >> Key" page [2]? > The proper key is: > pub 4096R/0x12F5F7B42F2B01E7 2017-02-09 [expires: 2027-02-07] > Key fingerprint = F554 A368 7412 CFFE BDEF E0A3 12F5 F7B4 2F2B 01E7 > uid OpenVPN - Security Mailing List <secur...@openvpn.net> > > Which can also be found here: > <http://pgp.mit.edu/pks/lookup?op=get&search=0x12F5F7B42F2B01E7> > > >> The link on that page to that key is broken (and includes >> Javascript!). > > Yes! I discovered the same issue and reported it internally a couple of > hours ago. I expect it to be fixed in not too long. >
Hi, Joomla did not seem to like the fact that file name was secur...@openvpn.net.key.asc. So I renamed it as security.key.asc. That seems to work fine. Right now the signature situation is a bit confusing, as 2.4.2 is still signed with my new key, and 2.3.16 is using the secur...@openvpn.net key. That is all documented here, though: <https://openvpn.net/index.php/open-source/documentation/sig.html> -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
