[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Verifying sig for gnu parallel
From: |
Ole Tange |
Subject: |
Re: Verifying sig for gnu parallel |
Date: |
Tue, 14 May 2013 15:20:03 +0200 |
On Tue, May 14, 2013 at 12:55 AM, Shahar Roth <rothshahar@yahoo.com> wrote:
> Hi Ole,
Please use parallel@gnu.org for support (unless you want to hire me).
> First, let me thank you for creating parallel. It's awesome :-)
Thank you. If you like GNU Parallel:
* Give a demo at your local user group/team/colleagues
* Post the intro videos on Reddit/Diaspora*/forums/blogs/
Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
* Request or write a review for your favourite blog or magazine
* Request or build a package for your favourite distribution (if it is
not already there)
* Invite me for your next conference
If you use GNU Parallel for research:
* Please cite GNU Parallel in you publications (use --bibtex)
If GNU Parallel saves you money:
* (Have your company) donate to FSF https://my.fsf.org/donate/
> I hope you can help me out with this question-
> I'm trying to download the latest version and I'd like to verify the
> signature. I couldn't find explicit instructions how to do that on the gnu
> parallel site.
> A search led me to an email thread where you linked to your public keys but
> I get this when I try to add your key to a ring:
>
> $ gpg --no-default-keyring --keyring vendors.gpg --import key
> gpg: key FFFFFFF1: public key "Ole Tange <ole@tange.dk>" imported
> gpg: Total number processed: 1
> gpg: imported: 1
This looks fine. You should be able to do:
$ echo | gpg # To initialize
$ gpg --auto-key-locate keyserver --keyserver-options
auto-key-retrieve parallel-*.tar.bz2.sig
gpg: Signature made Tue 14 May 2013 09:11:53 AM CEST using DSA key ID FFFFFFF1
gpg: requesting key FFFFFFF1 from hkp server keys.gnupg.net
gpg: /home/parallel/.gnupg/trustdb.gpg: trustdb created
gpg: key FFFFFFF1: public key "Ole Tange <ole@tange.dk>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
gpg: Good signature from "Ole Tange <ole@tange.dk>"
gpg: aka "[jpeg image of size 4006]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BE9C B493 81DE 3166 A3BC 66C1 2C62 29E2 FFFF FFF1
> gpg: public key of ultimately trusted key C29EEC93 not found
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
>
> What is C29EEC93?
This I do not know. A key with ultimate trust soulds like your own.
Could it be that you have created a key, trusted it, and then removed
the key again?
> Could be helpful if the site contained easy to follow
> instructions for verification.
That is not a bad idea. I have put:
To check the signature run:
echo | gpg
gpg --auto-key-locate keyserver --keyserver-options
auto-key-retrieve parallel-*.tar.bz2.sig
in the .sig file on ftp://alpha.gnu.org/gnu/parallel/ Please test that.
> Thanks,
> -Shahar
/Ole
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: Verifying sig for gnu parallel,
Ole Tange <=