[Replicant] Replicant 6 releases signing keys (vendor/replicant-security)

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Thu Mar 11 18:26:57 UTC 2021


Hi,

The Replicant 6.0 releases (0001 to 0003) were signed with keys you
generated during the builds.

We have several important issues that are fixed in the upcoming
Replicant 6 release (like SIM not detected, several freedom and/or
privacy issues, etc).

Since the issue are important, it might be a good idea not to require
every existing user to wipe their data to upgrade to the new release.

I've worked on a script to generate a key migration script to migrate
from your keys to new ones but the resulting script is too fragile.

Some user(s) still had to wipe their data with the test images (RC)
long after installing them, and I also had a data corruption with one
of the test image where the script was involved as well.

Do you still have a copy of the vendor/replicant-security that was used
for the previous Replicant 6 releases?

Would it be possible for you to send them to me in a secure way
(strongly encrypted with GPG at least)?

Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20210311/3166c726/attachment.asc>


More information about the Replicant mailing list