Daily builder OpenPGP key
Simon Josefsson
simon at josefsson.org
Tue Apr 28 08:57:54 CEST 2009
Peter Hendrickson noticed that the daily packages on
http://daily.josefsson.org/gnutls/
are signed with a key 7C77B39D which isn't available from anywhere.
I've signed the key now, and uploaded it to key servers. It is included
below as well.
Note that data signed with the key at best guarantees data origin. If
someone compromises savannah git and puts in a 'rm -rf /' in the gnutls
git tree, my autobuilder will happily include sign it during the next
update. The same goes if someone compromises my build machine, although
that seems more unlikely since it doesn't have a public IP address.
Still, verifying signatures may make some attacks harder. Such as
attacks against the daily.josefsson.org web server.
/Simon
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
mQGiBEk1WaERBACGSs0Otc3yznPsCCFDctKiDiD6SdFdZZkv/LgJI7F2CgfetCM+
31TKLBrBIF+AQ/IMGtbpHPrkzKY7K/Ciq9M/SwQ/CQnJbvaowFdSYnBsrztx4QIx
bKb/9pLWJHEmw49AjUnzKfUoG7uTi73GIUSrGHzhrJjN3XBRAlToPFq4gwCgq3Ut
GLa64Z5nPFiXL7EqjFwY0RED/0kZ93l7CxuJJyrsRn2vt2PGrsf/c4o6ddKsjNwU
zuH5e7fAVxPnsLHiBjoxbGLAbPegWVaPDkpq1O+IkoAnMSfv3CJsbAL6eZW2xcWP
ZHWoOgLVuDhXMlSx3eREFopZ2faKj1apyU5ZoutqUlbGAYcpJPHy6VMhafecFwDw
1MZkA/9BtB1vriJOzcyvej8gMzBLng2gg0vHdzWPB5Qh5dVgsI7hyrJM05HV44dB
xQ5ubwcs6oD1mhBRDVeGMbKEccLUY8U4dEmpwRniw/7Uv3wDWu+TjVCkqQTFgmhP
pCZwGxrMHXMn9eheIEdT+7D1NfNkh9ts99SQCo2bSRr94JnYlrQrU0pEIERhaWx5
IEF1dG9idWlsZGVyIDxkYWlseUBqb3NlZnNzb24ub3JnPohmBBMRAgAmAhsDBgsJ
CAcDAgQVAggDBBYCAwECHgECF4AFAkn2pfIFCQKif8kACgkQ+PyjpHx3s52aTACf
WBwO8Lz85ZOAt7Pk/OqdaikDqcMAniz8T7fXLfcdhyjeiSAgWkk0UeuPiLwEEAEC
AAYFAkn2pkYACgkQ7aIelLVlcW+6hwUAk/6gnHtlWu4FjuNGYY+apQRszaJnDLML
mTLQJsBxm7PfsyXuqic/MTcBf4KDo9CHStIHJCYBuiAiOpOXcSJlrqEGrEqJb7hH
Y1OBhVq2qPq8s8cRYcFp6vbmomSpSHuYgx8irUxEGHuoiRF3iEtaC+dNTHVkshoP
APac/WKgbbBdMAFOntzM9xlJQJF4acR8+qScBjQWXG9kG3XmBqFKK7kCDQRJNVmh
EAgA3nK5awaKsO8nYq4OzwE2iYmG+T59riMQQLjaor4uF+FSQM2GyOrlkWThuL7l
01ch4/v9PjOLlauKmOyAtOD68hJBDZrPq71ishlyDqrDbjpdxVUcf4jFmBzMq0T3
nbolVnflTKdECpchaq9Sw673CWRXwZKcOk+mMPzU97UJdL5gbrsQmaoWp0ImUlSc
xoLf23TDdFSUEN3nvRubSDhPUHhAuEL36u6pJwsNlxqhNXUFBn/NqXZBueZmxB2v
ip0Kg3sfvuLj7fTX1GzVJiTxGK+d+CSnApINXBOBw6cUHN1sllQmul+oyDY8pU4m
req8COkHXnNoAx2wWbZdaLyy6wADBgf/QhC+HZEMJevkl+VpSK8DNl0Q5kos8QBT
5QHhdUoVvmqeIw7r/UJs7u4jHT5iMBdr3qEGEUL1GZhRtuZIud5sm9wUJbwWEnCM
jqHoH8UpZjuxPnzzAmKjK3ZqOZ1+cLh/aY2wSs9DTYfTYC0NXexylu7H/h/3Otdl
0WiHUkpTBzLA18I6JSS8VfdADwg7iQCPUVWKpzsmm0iktAsx6lCT8JLjLxv5K55Q
LPyR2EvH7Mk5BTrmrihAQvvzgNIeXJMshTMPTtriAU8zG1zSRK7HV/ornHlSN4Po
QB2vypYNYiK3zoLLHCOlavl8l/VJNowKdWfTeHzvcZmo0Wc61h+HUIhPBBgRAgAP
AhsMBQJJ9qX9BQkCon/aAAoJEPj8o6R8d7Od7SEAni4jNHN7ojyHcf0f3BsnP65D
9TdxAJwN4CVJL/jxSYtzNAUewqJYkb+m5g==
=1vdJ
-----END PGP PUBLIC KEY BLOCK-----
More information about the Gnutls-devel
mailing list