[LLVMbugs] [Bug 10294] New: Release tarballs are signed with a key that is nowhere to be found
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Thu Jul 7 05:17:15 PDT 2011
http://llvm.org/bugs/show_bug.cgi?id=10294
Summary: Release tarballs are signed with a key that is nowhere
to be found
Product: Website
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P
Component: General Website
AssignedTo: unassignedbugs at nondot.org
ReportedBy: sliedes at cc.hut.fi
CC: llvmbugs at cs.uiuc.edu
To reproduce:
1. Download http://llvm.org/releases/2.9/llvm-2.9.tgz
2. Download http://llvm.org/releases/2.9/llvm-2.9.tgz.sig
3. Run gpg --verify llvm-2.9.tgz.sig
[gpg indicates key E95C63DC is unknown]
4. Run gpg --recv-key E95C63DC
[gpg indicates the key cannot be found on the public keyserver]
5. Google for E95C63DC
[cannot find the key with Google either]
Actual result:
The key used to sign llvm-2.9.tgz is nowhere to be found. Hence the signature
cannot be verified. Hence the .sig files are rather useless.
Expected result:
The key should be available on the public keyservers and/or on the LLVM
website.
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the llvm-bugs
mailing list