git.vger.kernel.org archive mirror
* Verifying recent tags in git.git
@ 2011-11-12 16:35 Ramsay Jones
  2011-11-12 19:55 ` Stefan Naewe
  0 siblings, 1 reply; 2+ messages in thread
From: Ramsay Jones @ 2011-11-12 16:35 UTC
  To: Junio C Hamano; +Cc: GIT Mailing-list

Hi Junio,

I noticed that the v1.7.8-rc1 tag took about 24 hours to appear in the
kernel.org (and repo.or.cz) repository after you announced it and actually
pushed the branch out.

So, unusually, I decided to verify the tag when it did appear. However, it
did not verify! It seems that ever since v1.7.7 (i.e. v1.7.7.x and v1.7.8-rcx),
you have been signing the release tags with a new key-pair. (I assume that
you generated new keys at the beginning of October for use on kernel.org.)
viz:

    ramsay (master)$ git tag -v v1.7.7
    object 703f05ad5835cff92b12c29aecf8d724c8c847e2
    type commit
    tag v1.7.7
    tagger Junio C Hamano <gitster@pobox.com> 1317417666 -0700
    
    Git 1.7.7
    gpg: Signature made Fri Sep 30 22:21:06 2011 GMTDT using DSA key ID F3119B9A
    gpg: Good signature from "Junio C Hamano <gitster@pobox.com>"
    gpg:                 aka "Junio C Hamano <junkio@cox.net>"
    gpg:                 aka "[jpeg image of size 1513]"
    gpg:                 aka "Junio C Hamano <jch@google.com>"
    gpg:                 aka "Junio C Hamano <junio@pobox.com>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 3565 2A26 2040 E066 C9A7  4A7D C0C6 D9A4 F311 9B9A

    ramsay (master)$ git tag -v v1.7.8-rc1
    object 4cb6764227173a6483edbdad09121651bc0b01c3
    type commit
    tag v1.7.8-rc1
    tagger Junio C Hamano <gitster@pobox.com> 1320713324 -0800
    
    Git 1.7.8-rc1
    gpg: Signature made Tue Nov  8 00:48:44 2011 GMTST using RSA key ID 96AFE6CB
    gpg: Can't check signature: public key not found
    error: could not verify the tag 'v1.7.8-rc1'
    
    ramsay (master)$

Note the key ID 96AFE6CB.

Are you planning to create a junio-gpg-pub-v2 tag? (Or are you making it
available from a keyserver?)

If I have missed an announcement on this, then sorry for the noise!

ATB,
Ramsay Jones


* Re: Verifying recent tags in git.git
  2011-11-12 16:35 Verifying recent tags in git.git Ramsay Jones
@ 2011-11-12 19:55 ` Stefan Naewe
  0 siblings, 0 replies; 2+ messages in thread
From: Stefan Naewe @ 2011-11-12 19:55 UTC
  To: git

Ramsay Jones <ramsay <at> ramsay1.demon.co.uk> writes:

> 
> Hi Junio,
> 
> I noticed that the v1.7.8-rc1 tag took about 24 hours to appear in the
> kernel.org (and repo.or.cz) repository after you announced it and actually
> pushed the branch out.
> 
> [...]
> Note the key ID 96AFE6CB.
> 
> Are you planning to create a junio-gpg-pub-v2 tag? (Or are you making it
> available from a keyserver?)

What about this:

  http://pgp.mit.edu:11371/pks/lookup?search=0x96AFE6CB&op=index&fingerprint=on

Stefan
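
Both messages identify keys by their 8-hex-digit short IDs (F3119B9A, 96AFE6CB), and a key obtained from a keyserver can share a short ID without being the tagger's key. The following is an added example, not part of either message or of git itself: a shell function that reads GnuPG status lines and accepts a tag only when the primary key fingerprint equals a pinned full fingerprint. The function and sample names, the status lines, the zero-padded long key ID and the all-`A` fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge a tag signature from GnuPG status lines, as printed on
# stderr by `git verify-tag --raw <tag>`, against a pinned full fingerprint.

# Primary key fingerprint shown for v1.7.7 in the thread, spaces removed.
PINNED='35652A262040E066C9A74A7DC0C6D9A4F3119B9A'

# check_status PINNED_FPR: reads status lines on stdin, prints a verdict word,
# and returns 0 only when a valid signature chains to the pinned primary key.
check_status() {
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    verdict=$(awk -v pinned="$pinned" '
        $1 != "[GNUPG:]" { next }
        $2 == "NO_PUBKEY" { nokey = 1 }
        # Bad signature, or a signature/key that is expired or revoked.
        $2 ~ /^(BADSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Field 3 is the signing (sub)key; field 12, when present, the primary.
        $2 == "VALIDSIG" { valid = 1; fpr = (NF >= 12) ? $12 : $3 }
        END {
            if (bad)                         print "rejected"
            else if (valid && fpr == pinned) print "trusted"
            else if (valid)                  print "unpinned-key"
            else if (nokey)                  print "missing-key"
            else                             print "no-signature"
        }')
    printf '%s\n' "$verdict"
    [ "$verdict" = trusted ]
}

# Constructed status lines (not captured output) for the three cases.
sample_pinned() {   # v1.7.7: signed by the key whose fingerprint is pinned
    cat <<'EOF'
[GNUPG:] GOODSIG C0C6D9A4F3119B9A Junio C Hamano <gitster@pobox.com>
[GNUPG:] VALIDSIG 35652A262040E066C9A74A7DC0C6D9A4F3119B9A 2011-09-30 1317417666 0 4 0 17 2 00 35652A262040E066C9A74A7DC0C6D9A4F3119B9A
EOF
}
sample_missing() {  # v1.7.8-rc1 as in the thread; long ID zero-padded
    cat <<'EOF'
[GNUPG:] ERRSIG 0000000096AFE6CB 1 2 00 1320713324 9
[GNUPG:] NO_PUBKEY 0000000096AFE6CB
EOF
}
sample_lookalike() { # made-up key that merely shares the short ID 96AFE6CB
    cat <<'EOF'
[GNUPG:] GOODSIG AAAAAAAA96AFE6CB Constructed User <user@example.invalid>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA96AFE6CB 2011-11-08 1320713324 0 4 0 1 2 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA96AFE6CB
EOF
}
```

Against a real repository the same function takes its input from `git verify-tag --raw v1.7.7 2>&1 | check_status "$PINNED"`; the pinned value has to come from a channel other than the keyserver that supplied the key.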
