Closed dngray closed 5 years ago
Agreed. Alternatively, weechat should put their key on https://keys.openpgp.org (that is immune to spamming) and advise downloading from that keyserver. Or use Web Key Directory and gpg --sender when creating the signature (just like kernel.org).
Edit: I'd revise the instructions to use the following:
gpg --locate-key webmaster@weechat.org
gpg --verify weechat-2.5.tar.xz.asc weechat-2.5.tar.xz
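For readers who have not used Web Key Directory: with WKD the key is fetched over HTTPS from a URL derived from the e-mail address, on the address's own domain, rather than from a keyserver pool. The following is an added example, not part of the original thread or of WeeChat's tooling; it computes those lookup URLs as described in the WKD Internet-Draft, and the function names are illustrative.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD for the hashed local part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32 (5 bits per character, no padding chars)."""
    bits = int.from_bytes(data, "big")
    nbits = len(data) * 8
    pad = (-nbits) % 5          # left-align the final partial group
    bits <<= pad
    nbits += pad
    return "".join(ZBASE32[(bits >> shift) & 31]
                   for shift in range(nbits - 5, -1, -5))


def wkd_urls(address: str) -> dict:
    """Return the 'advanced' and 'direct' WKD lookup URLs for an address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected local-part@domain")
    domain = domain.lower()
    # The local part is lowercased (ASCII only) before hashing with SHA-1;
    # the original spelling is passed along in the l= query parameter.
    digest = hashlib.sha1(local.encode("utf-8").lower()).digest()
    hu = zbase32(digest)        # 160 bits -> exactly 32 characters
    query = "?l=" + quote(local, safe="")
    return {
        # Clients try the openpgpkey.<domain> form first, then the direct one.
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                    f"{domain}/hu/{hu}{query}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hu}{query}",
    }


if __name__ == "__main__":
    # Address taken from the command above; whether the domain publishes
    # a key at these URLs is not something this script checks.
    for method, url in wkd_urls("webmaster@weechat.org").items():
        print(f"{method}: {url}")
```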
This is an issue on weechat.org, not WeeChat itself, so I'm moving the issue to the appropriate repository.
Fixed, thanks for pointing out the problem.
Hi,
The weechat signing key is being spammed. The instructions on https://weechat.org/download/ should not use the SKS network; users attempting the instruction to import the key will break their gnupg installation.
Currently the signing key on SKS is 180MB.
Background: