[rancid] signing key?
heasley
heas at shrubbery.net
Sat Mar 24 10:07:52 UTC 2018
Thu, Mar 22, 2018 at 04:13:35PM -0400, Lee:
> On 3/22/18, Boheme <boheme at gmail.com> wrote:
> > gpg --search-keys heas at shrubbery.net
>
> Thanks, but that's not the positive ack I'm looking for.
>
> Maybe he did use a key created in 1996 & maybe that really is his key,
> but I'd rather get the fingerprint from him instead of just searching
> for a key that works.
i hadnt noticed that it was using the old key; the tool behavior changed
and i didnt notice. future sigs will use the more recent key/subkey.
> $ gpg --verify rancid-3.7.tar.gz.sig rancid-3.7.tar.gz
> gpg: Signature made Wed, Mar 7, 2018 7:32:42 PM EST
> gpg: using RSA key 0x4B2BDD527A774C09
> gpg: Can't check signature: public key not found
>
> $ gpg --search-keys heas at shrubbery.net
> gpg: searching for "heas at shrubbery.net" from hkps server
> hkps.pool.sks-keyservers.net
> (1) John Heasley <heas at shrubbery.net>
> 2048 bit RSA key 0xFC860A57C2B34FCB, created: 2015-07-06
> (2) John Heasley <heas at shrubbery.net>
> 2048 bit DSA key 0x4472A69EB6650559, created: 2015-04-23
> (3) John Heasley <heas at shrubbery.net>
> 1024 bit RSA key 0x0A5CE6407A774C09, created: 2014-06-16 (revoked)
> (4) John Heasley <heas at shrubbery.net>
> 1024 bit RSA key 0x4B2BDD527A774C09, created: 1996-12-20
> Keys 1-4 of 4 for "heas at shrubbery.net". Enter number(s), N)ext, or Q)uit > q
>
>
>
> >> On Mar 22, 2018, at 11:07 AM, Lee <ler762 at gmail.com> wrote:
> >>
> >>> On 3/22/18, heasley <heas at shrubbery.net> wrote:
> >>> Thu, Mar 22, 2018 at 01:46:09PM -0400, Lee:
> >>>>> On 3/22/18, heasley <heas at shrubbery.net> wrote:
> >>>>> Thu, Mar 22, 2018 at 04:02:43PM +0000, Lauri Haveri:
> >>>>>> Hello again and thanks for the answers!
> >>>>>>
> >>>>>> My device happens to be SRX100b and version of the Rancid is 3.3.
> >>>>>>
> >>>>>> I got from “apt-get install rancid cvs”
> >>>>>
> >>>>> Please install rancid 3/7. It is available here:
> >>>>> ftp://ftp.shrubbery.net/pub/ranciD
> >>>>
> >>>> Which has a detached sig -- thank you!! But what key was used for
> >>>> signing?
> >>>
> >>> mine
> >>
> >> touché
> >>
> >> I don't have your key, so verifying the fingerprint would be nice; a
> >> file I can gpg --import even better
> >>
> >> Thanks
> >> Lee
More information about the Rancid-discuss
mailing list