Does anyone know where to find the ISC signing keys for source packages?
Torinthiel
torinthiel at data.pl
Tue Dec 28 21:17:02 UTC 2010
Thomas Schulz pisze:
>> On 12/23/2010 4:09 PM, Casey Deccio wrote:
>>
>>> On Thu, Dec 23, 2010 at 12:49 PM, Oisin McGuinness<oisin at smbc-cm.com> wrote:
>>>
>>>
>>>> But I can't find any reference to current PGP or other signing keys; does
>>>> anyone know where to find
>>>> them on the www.isc.org web site or where to obtain them otherwise?
>>>>
>>> http://www.isc.org/about/openpgp
>>>
>> https://www.isc.org/about/openpgp will work as well.
>>
>> --
>> Dave
>>
>
> It looks like I am a little dim today. Given gpg and the key, what steps
> do I do to verify a source package?
>
First, you get the tarball and the signature from isc.org (say
http://www.isc.org/software/bind/972-p3/download/bind-972-p3targz )
Second, you issue
gpg --verify bind-9.7.2-P3.tar.gz.asc bind-9.7.2-P3.tar.gz
might work with only the signed name (gpg --verify
bind-9.7.2-P3.tar.gz.asc), I'm not sure how about this case.
Torinthiel
More information about the bind-users
mailing list