WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] PGP key for signature on xen-4.0.0.tar.gz

from [Ralf Philipp Weinmann] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] PGP key for signature on xen-4.0.0.tar.gz
From: Ralf Philipp Weinmann <ralf@xxxxxxxxxxxxxx>
Date: Thu, 8 Apr 2010 00:28:05 +0200
Delivery-date: Wed, 07 Apr 2010 15:29:04 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi *,

I've been wanting to play with the xen-4.0.0 release. Having downloaded the
xen-4.0.0 tarball and the corresponding digital signature from [1], I tried
to verify the signature of the tarball using GnuPG:

- -- snip --

$ gpg --verify  xen-4.0.0.tar.gz.sig
gpg: Signature made Wed 07 Apr 2010 06:14:55 PM CEST using RSA key ID 57E82BD9
gpg: Can't check signature: public key not found

- -- snap --

I can't find this key anywhere. Neither on xen.org nor on the xensource.com
pages. Nothing on the key servers either.  How are Xen users supposed to verify
the authenticity of the released sources if the signing key isn't published
anywhere?

Here are the SHA-1 checksums of the files I downloaded:

SHA1(xen-4.0.0.tar.gz)= bf2430c896aed0deae99b1b8c3fa73e8aaf125ee
SHA1(xen-4.0.0.tar.gz.sig)= fb0b20c9a90615b9299af026f25dd48cfe1b11f8

Cheers,
Ralf

[1] Xen Hypervisor 4.0.0 Download
    http://www.xen.org/products/xen_source.html
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAku9BvQACgkQFZzr6u/Nmwa+oACePBipKNKHrH6bhyrK3zORvfTi
/skAoJPE8gZc152zK5B+L7x1xRYfz8JM
=kfaA
-----END PGP SIGNATURE-----

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] using ipoib with xcp, Trygve Sanne Hardersen
Next by Date:  [Xen-users] Xen3.3 / Xen3.4 CPU soft lockups under pvops 2.6.31/2.6.32, Pim van Riezen
Previous by Thread:  [Xen-users] using ipoib with xcp, Trygve Sanne Hardersen
Next by Thread:  Re: [Xen-users] PGP key for signature on xen-4.0.0.tar.gz, Pasi Kärkkäinen
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy