Does anyone know where to find the ISC signing keys for source packages?
Thomas Schulz
schulz at adi.com
Wed Dec 29 15:25:23 UTC 2010
> From: Casey Deccio
>
> Before checking the signature, you need to import ISC's public key
> into your key ring. Something like this will work:
>
> curl https://www.isc.org/files/pgpkey2009.txt | gpg --import
>
> Then you can run gpg --verify.
>
> Casey
That is the final piece of information I needed. I had previously downloaded
the public key (I just did now know what to do with it), so I used the command
gpg --import pgpkey2009.txt
and then the following command worked
gpg --verify bind-9.7.2-P3.tar.gz.sha256.asc bind-9.7.2-P3.tar.gz
If I rename bind-9.7.2-P3.tar.gz.sha256.asc to bind-9.7.2-P3.tar.gz.asc
then the following shorter command will work
gpg --verify bind-9.7.2-P3.tar.gz.asc
Well, I seem to have insecure memory and the key is not certified with
a trusted signature, but I think that I will trust the result anyway.
Thanks to everyone for their help. Perhaps all of the above should be on
isc's web page.
Tom Schulz
Applied Dynamics Intl.
schulz at adi.com
More information about the bind-users
mailing list