Totally Legit Signing Key?

Peter Otten Mon, 04 Mar 2019 11:40:56 -0800

For once I tried to verify a download from python.org, following the steps 
outlined at


https://www.python.org/downloads/#pubkeys

"""
You can import the release manager public keys by either downloading the public 
key file from here and then running

gpg --import pubkeys.txt
"""

When I ran the command above I saw

$ gpg --import pubkeys.txt 
gpg: Schlüssel 6F5E1540: "Ned Deily <n...@acm.org>" 2 neue Signaturen
gpg: Schlüssel 6A45C816: "Anthony Baxter <anth...@interlink.com.au>" nicht 
geändert
gpg: Schlüssel 36580288: "Georg Brandl (Python release signing key) 
<ge...@python.org>" 2 neue Signaturen
gpg: Schlüssel 7D9DC8D2: "Martin v. Löwis <mar...@v.loewis.de>" nicht geändert
gpg: Schlüssel 18ADD4FF: "Benjamin Peterson <b...@benjamin.pe>" 3 neue 
Signaturen
gpg: Schlüssel A4135B38: "Benjamin Peterson <benja...@python.org>" 1 neue 
Signatur
gpg: Schlüssel A74B06BF: "Barry Warsaw <ba...@warsaw.us>" 138 neue Signaturen
gpg: Schlüssel EA5BBD71: "Barry A. Warsaw <ba...@warsaw.us>" 6 neue Signaturen
gpg: Schlüssel E6DF025C: "Ronald Oussoren <ronaldousso...@mac.com>" nicht 
geändert
gpg: Schlüssel F73C700D: "Larry Hastings <la...@hastings.org>" 2 neue Signaturen
gpg: Schlüssel AA65421D: "Ned Deily (Python release signing key) 
<n...@python.org>" 1 neue User-ID
gpg: Schlüssel AA65421D: "Ned Deily (Python release signing key) 
<n...@python.org>" 20 neue Signaturen
gpg: Schlüssel 487034E5: "Steve Dower (Python Release Signing) 
<steve.do...@microsoft.com>" 8 neue Signaturen
gpg: Schlüssel 10250568: Öffentlicher Schlüssel "Łukasz Langa (GPG langa.pl) 
<luk...@langa.pl>" importiert
gpg: Schlüssel 487034E5: Öffentlicher Schlüssel "Totally Legit Signing Key 
<mall...@example.org>" importiert
gpg: Schlüssel F73C700D: Öffentlicher Schlüssel "Totally Legit Signing Key 
<mall...@example.org>" importiert
gpg: Schlüssel 6F5E1540: Öffentlicher Schlüssel "Totally Legit Signing Key 
<mall...@example.org>" importiert
gpg: Schlüssel AA65421D: Öffentlicher Schlüssel "Totally Legit Signing Key 
<mall...@example.org>" importiert
gpg: Schlüssel E6DF025C: Öffentlicher Schlüssel "Totally Legit Signing Key 
<mall...@example.org>" importiert
gpg: Schlüssel EA5BBD71: Öffentlicher Schlüssel "Totally Legit Signing Key 
<mall...@example.org>" importiert
[...]

Now "totally legit" does sound like anything but "totally legit". Is there a 
problem with my machine, or python.org, or is this all "totally legit"?

Advice or pointers welcome.


-- 
https://mail.python.org/mailman/listinfo/python-list

Totally Legit Signing Key?

Reply via email to