Re: Keys for the DC18 Key Signing Party - Ready for printing!

[Julian Andres Klode <jak@debian.org>]

On Wed, Jul 25, 2018 at 05:49:09AM +0200, Kurt Roeckx wrote:
> On Sat, Jul 21, 2018 at 03:49:14PM -0500, Gunnar Wolf wrote:
> > As we all finish packing our bags for Taiwan, several people have
> > asked me what about the KSP list we are supposed to
> > _print_at_home_. So, I took some time out of packing, and decided to
> > finalize the needed bits to have this in working order!
> > 
> > So, we have the final v1.0 list for the DebConf18 Continuous Key
> > Signing Party! Please find it here:
> > 
> >      https://people.debian.org/~gwolf/ksp-dc18/ksp-dc18.txt
> > 
> > If you want to ensure the file came from me, you can check the
> > clear-signed version:
> > 
> >      https://people.debian.org/~gwolf/ksp-dc18/ksp-dc18.txt.asc
> 
> This file really isn't usable, it's not a detached signature. It
> can not be used to verify ksp-dc18.txt. 
> 
> When verifying it, you get:
> $ gpg --verify ksp-dc18.txt.asc 
> gpg: Signature made Tue 24 Jul 2018 02:08:48 AM CEST
> gpg:                using RSA key AB41C1C68AFD668CA045EBF8673A03E4C1DB921F
> gpg: Good signature from "Gunnar Eyal Wolf Iszaevich <gwolf@debian.org>" [full]
> gpg:                 aka "Gunnar Eyal Wolf Iszaevich <gwolf@gwolf.org>" [full]
> gpg:                 aka "Gunnar Eyal Wolf Iszaevich (Instituto de Investigaciones Económicas UNAM) <gwolf@iiec.unam.mx>" [full]
> gpg: WARNING: not a detached signature; file 'ksp-dc18.txt' was NOT verified!
> 
> $ gpg --verify ksp-dc18.txt.asc ksp-dc18.txt
> gpg: not a detached signature
> 
> We need to verify the ksp-dc18.txt file, that's the file we'll all
> compute the SHA256 for.

Download the .txt.sha256 and the .txt.sha256.asc and verify that;
and then check that SHA256 in there matches the file and the shared
SHA256.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en