[gnutls-devel] GnuTLS | gnutls 3.7.8 tarball signed with different key than announced (#1410)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Oct 1 19:01:36 CEST 2022

brandon kane created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1410

## Description of problem:
When attempting to verify the tarball signature, key A6AB53A01D237A94F9EEC4D0412748A40AFCC2FB is found with not match to the gnutls keyring.  This also differs from the email announcement, stating key E987AB7F7E89667776D05B3BB0E9DD20B29F1432 was used.  Other two keys used match the keyring

## Version of gnutls used:

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Gnutls direct download

## How reproducible:
download 3.7.8 tarball and sig.  Open Kleopatra and verify tarball.

## Actual results:
Signatures found are:
Last one is not present in gnutls keyring located at https://www.gnutls.org/gnutls-release-keyring.gpg

## Expected results:
Signatures found should be(according to 9/27 announcement):
These three are all present in the keyring

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1410
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20221001/1678b9d4/attachment.html>

More information about the Gnutls-devel mailing list