|
|
|
|
|
|
|
|
|
|
xen-users
Re: [Xen-users] PGP key for signature on xen-4.0.0.tar.gz
Hello,
Added xen-devel to CC..
-- Pasi
On Thu, Apr 08, 2010 at 12:28:05AM +0200, Ralf Philipp Weinmann wrote:
> Hi *,
>
> I've been wanting to play with the xen-4.0.0 release. Having downloaded the
> xen-4.0.0 tarball and the corresponding digital signature from [1], I tried
> to verify the signature of the tarball using GnuPG:
>
> -- snip --
>
> $ gpg --verify xen-4.0.0.tar.gz.sig
> gpg: Signature made Wed 07 Apr 2010 06:14:55 PM CEST using RSA key ID 57E82BD9
> gpg: Can't check signature: public key not found
>
> -- snap --
>
> I can't find this key anywhere. Neither on xen.org nor on the xensource.com
> pages. Nothing on the key servers either. How are Xen users supposed to
> verify
> the authenticity of the released sources if the signing key isn't published
> anywhere?
>
> Here are the SHA-1 checksums of the files I downloaded:
>
> SHA1(xen-4.0.0.tar.gz)= bf2430c896aed0deae99b1b8c3fa73e8aaf125ee
> SHA1(xen-4.0.0.tar.gz.sig)= fb0b20c9a90615b9299af026f25dd48cfe1b11f8
>
> Cheers,
> Ralf
>
> [1] Xen Hypervisor 4.0.0 Download
> http://www.xen.org/products/xen_source.html
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|