|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] PGP key for signature on xen-4.0.0.tar.gz
Hello, Added xen-devel to CC.. -- Pasi On Thu, Apr 08, 2010 at 12:28:05AM +0200, Ralf Philipp Weinmann wrote: > Hi *, > > I've been wanting to play with the xen-4.0.0 release. Having downloaded the > xen-4.0.0 tarball and the corresponding digital signature from [1], I tried > to verify the signature of the tarball using GnuPG: > > -- snip -- > > $ gpg --verify xen-4.0.0.tar.gz.sig > gpg: Signature made Wed 07 Apr 2010 06:14:55 PM CEST using RSA key ID 57E82BD9 > gpg: Can't check signature: public key not found > > -- snap -- > > I can't find this key anywhere. Neither on xen.org nor on the xensource.com > pages. Nothing on the key servers either. How are Xen users supposed to > verify > the authenticity of the released sources if the signing key isn't published > anywhere? > > Here are the SHA-1 checksums of the files I downloaded: > > SHA1(xen-4.0.0.tar.gz)= bf2430c896aed0deae99b1b8c3fa73e8aaf125ee > SHA1(xen-4.0.0.tar.gz.sig)= fb0b20c9a90615b9299af026f25dd48cfe1b11f8 > > Cheers, > Ralf > > [1] Xen Hypervisor 4.0.0 Download > http://www.xen.org/products/xen_source.html > > _______________________________________________ > Xen-users mailing list > Xen-users@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |