[Replicant] replicant 6 signatures key expiration

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Mon May 13 14:07:38 UTC 2019


On Sat, 11 May 2019 16:06:49 +0000
Fil Lupin <fillupin at protonmail.com> wrote:

> Hi,
Hi,

> for information, someone noticed on the forum that signature checking
> does not work because of Wolfgang key expiration for replicant 6
> images (see https://redmine.replicant.us/boards/3/topics/15145).

It works for me at the time of writing
> $ gpg --verify recovery-i9100.img.asc
> gpg: assuming signed data in 'recovery-i9100.img'
> gpg: Signature made dim. 10 déc. 2017 23:27:45 CET
> gpg:                using RSA key 0F30D1A02F73F70A6FEE048E5816A24C10757FC4
> gpg: Good signature from "Wolfgang Wiedmeyer <wolfgang at wiedmeyer.de>" [ultimate]
> gpg:                 aka "Wolfgang Wiedmeyer <wreg at wiedmeyer.de>" [ultimate]
> gpg:                 aka "Wolfgang Wiedmeyer <wolfgit at wiedmeyer.de>" [ultimate]

Here's Wolfgang key on my computer:
> $ gpg --fingerprint 0F30D1A02F73F70A6FEE048E5816A24C10757FC4
> pub   rsa4096 2015-02-25 [SC] [expires: 2023-03-15]
>       0F30 D1A0 2F73 F70A 6FEE  048E 5816 A24C 1075 7FC4
> uid           [ultimate] Wolfgang Wiedmeyer <wolfgang at wiedmeyer.de>
> uid           [ultimate] Wolfgang Wiedmeyer <wreg at wiedmeyer.de>
> uid           [ultimate] Wolfgang Wiedmeyer <wolfgit at wiedmeyer.de>
> sub   rsa4096 2015-02-25 [E] [expires: 2023-03-15]

Refreshing the key should fix it:
> $ gpg --refresh-key 0F30D1A02F73F70A6FEE048E5816A24C10757FC4
> gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
> gpg: key 5816A24C10757FC4: 1 signature not checked due to a missing key
> gpg: key 5816A24C10757FC4: "Wolfgang Wiedmeyer <wolfgang at wiedmeyer.de>" not changed
> gpg: Total number processed: 1
> gpg:              unchanged: 1

That said we will need to revisit our decisions about the gpg keys used
by the Replicant project, if possible before the next release, to at
least document why we do or did it this way.

Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20190513/54b48cde/attachment.asc>


More information about the Replicant mailing list