#149 v1.1a6 download files signed with unknown key

[Jools C]

The current set of download files for v1.1a6 available at 23 Sep 2014 are signed with a key of ID D0AA36FE. This is different from Tony Meyer's key (ID F23F732A) as referenced on http://spambayes.sourceforge.net/download.html

The public key does not appear to be available on any of the keyservers (pgp.mit.edu, keys.gnupg.net, keyserver.pgp.com, certserver.pgp.com) I have searched, and there is no reference to this 'new' key on any of the project pages that I can see.

Can anyone confirm the key owner? And where the public key can be downloaded from?

Thanks.

[Skip Montanaro]

That's probably me (skip@pobox.com). What credential do I have to deposit
(and where) to clean this up?

(Note that SpamBayes development has been completely stopped for several
years.)

Skip Montanaro

On Tue, Sep 23, 2014 at 3:01 PM, Jools C jools-srcface@users.sf.net wrote:

---

• [support-requests:#149]
  http://sourceforge.net/p/spambayes/support-requests/149 v1.1a6 download
  files signed with unknown key*

Status: open
Group: v1.0 (example)
Created: Tue Sep 23, 2014 08:01 PM UTC by Jools C
Last Updated: Tue Sep 23, 2014 08:01 PM UTC
Owner: nobody

The current set of download files for v1.1a6 available at 23 Sep 2014 are
signed with a key of ID D0AA36FE. This is different from Tony Meyer's key
(ID F23F732A) as referenced on
http://spambayes.sourceforge.net/download.html

The public key does not appear to be available on any of the keyservers (
pgp.mit.edu, keys.gnupg.net, keyserver.pgp.com, certserver.pgp.com) I
have searched, and there is no reference to this 'new' key on any of the
project pages that I can see.

Can anyone confirm the key owner? And where the public key can be
downloaded from?

Thanks.

Sent from sourceforge.net because you indicated interest in
https://sourceforge.net/p/spambayes/support-requests/149/

To unsubscribe from further messages, please visit
https://sourceforge.net/auth/subscriptions/

[Jools C]

Hi Skip.

You'll need to publish your public key to a keyserver.

There's a couple of ways of doing this, but basically you'll need to export the public key of the keypair used to sign the files previously and then upload to the following keyservers (as a suggestion) :

http://keys.gnupg.net
https://pgp.mit.edu
https://keyserver.pgp.com

Export your key in armored ascii format. For example, exporting your public key using GPG use the following command/syntax:
gpg --output mypublickey.asc --armor --export myKeyId

(ref: GNU Privacy Handbook - https://www.gnupg.org/gph/en/manual/x56.html)

To publish to https://keyserver.pgp.com:
- go to above URL and select 'Publish your Key' and either upload your mypublickey.asc file, or click the Key Block button and copy/paste the text from your mypublickey.asc and then 'Upload'.

To publish to https://pgp.mit.edu:
- go to the above site, copy/paste the text from your mypublickey.asc into the area provided then click 'Submit this key to the keyserver!'

To publish to http://keys.gnupg.net/
- same as for pgp.mit.edu

If you're using GPG you can publish to a keyserver without needing to export, with the following command/syntax:
gpg --keyserver keyserver.pgp.com --send-key myKeyId

(ref: GNU Privacy Handbook - https://www.gnupg.org/gph/en/manual/x457.html)

Hope that helps.
Jools.

[Jools C]

Just thought, may be simpler to just export the public key as an ascii file (using 'gpg --output mypublickey.asc --armor --export <myKeyId>' command), upload the resulting 'mypublickey.asc' file to your website and link to it from the Downloads page (in the same way that there is a link to Tony's key from the Download page).

Possibly a little simpler :-)
Jools.