meejah
commented
7 months ago Weird. So some GitHub ... problem?
You can also get my key from https://meejah.ca/meejah.asc
Closed alex19EP closed 7 months ago
meejah
commented
7 months ago Weird. So some GitHub ... problem?
You can also get my key from https://meejah.ca/meejah.asc
meejah
commented
7 months ago I have filed a github support ticket, not sure why my key would become "un-exportable" :scream:
alex19EP
commented
7 months ago Hello @meejah I think something is not good with latest release file.
curl https://meejah.ca/meejah.asc | LC_ALL=C gpg --import
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3204 100 3204 0 0 4495 0 --:--:-- --:--:-- --:--:-- 4493
pub rsa2048/0xC2602803128069A7 2012-02-14 [SC]
9D5A2BD5688ECB889DEBCD3FC2602803128069A7
uid meejah <meejah@meejah.ca>
sub rsa2048/0x994EBA4A91939490 2012-02-14 [E]
gpg: Total number processed: 1
gpg: unchanged: 1
> LC_ALL=C gpg --verify ~/.cache/makepkg/src/txtorcon-23.11.0.tar.gz.asc
gpg: assuming signed data in '/home/alex/.cache/makepkg/src/txtorcon-23.11.0.tar.gz'
gpg: Signature made Mon Nov 20 10:36:59 2023 MSK
gpg: using RSA key 9D5A2BD5688ECB889DEBCD3FC2602803128069A7
gpg: issuer "meejah@meejah.ca"
gpg: BAD signature from "meejah <meejah@meejah.ca>" [marginal]
X LC_ALL=C gpg --verify ~/.cache/makepkg/src/txtorcon-23.5.0.tar.gz.asc
gpg: assuming signed data in '/home/alex/.cache/makepkg/src/txtorcon-23.5.0.tar.gz'
gpg: Signature made Fri May 19 04:21:31 2023 MSK
gpg: using RSA key 9D5A2BD5688ECB889DEBCD3FC2602803128069A7
gpg: issuer "meejah@meejah.ca"
gpg: Good signature from "meejah <meejah@meejah.ca>" [marginal]
gpg: meejah@meejah.ca: Verified 5 signatures in the past 2 years. Encrypted
0 messages.
gpg: Warning: you have yet to encrypt a message to this key!
gpg: Warning: if you think you've seen more signatures by this key and user
id, then this key might be a forgery! Carefully examine the email address
for small variations. If the key is suspect, then use
gpg --tofu-policy bad 9D5A2BD5688ECB889DEBCD3FC2602803128069A7
to mark it as being bad.
gpg: WARNING: The key's User ID is not certified with sufficiently trusted signatures!
gpg: It is not certain that the signature belongs to the owner.
Primary key fingerprint: 9D5A 2BD5 688E CB88 9DEB CD3F C260 2803 1280 69A7
Ah, okay, thanks for following up.
Indeed the tar.gz signature was bad. I have re-uploaded one that's good.
The wheel was okay.
Not sure what happened there, but thanks for noticing! (Python build-tools are often eager to re-create things, so perhaps that's what happened)
meejah
commented
7 months ago (If it works now, please close this -- I will followup with GitHub re: my broken key separately)
alex19EP
commented
7 months ago thanks. now all is good. and I updated package in Arch Linux.
LC_ALL=C gpg --verify ~/.cache/makepkg/src/txtorcon-23.11.0.tar.gz.asc gpg: assuming signed data in '/home/alex/.cache/makepkg/src/txtorcon-23.11.0.tar.gz' gpg: Signature made Mon Nov 20 10:36:59 2023 MSK gpg: using RSA key 9D5A2BD5688ECB889DEBCD3FC2602803128069A7 gpg: issuer "meejah@meejah.ca" gpg: BAD signature from "meejah meejah@meejah.ca" [marginal]
curl https://github.com/meejah.gpg -----BEGIN PGP PUBLIC KEY BLOCK----- Note: The keys with the following IDs couldn't be exported and need to be reuploaded C2602803128069A7
=twTO -----END PGP PUBLIC KEY BLOCK-----%