This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: gcc-4.4.0.tar.gz.sig, expired key

From: Keith Thompson <kst at mib dot org>
To: Jakub Jelinek <jakub at redhat dot com>
Cc: Keith Thompson <kst at mib dot org>, gcc at gnu dot org
Date: Fri, 24 Apr 2009 10:11:48 -0700
Subject: Re: gcc-4.4.0.tar.gz.sig, expired key
References: <20090424030955.GA2940@nuthaus.mib.org> <20090424103143.GY16681@sunsite.ms.mff.cuni.cz>

On Fri, Apr 24, 2009 at 12:31:43PM +0200, Jakub Jelinek wrote:
> On Thu, Apr 23, 2009 at 08:09:55PM -0700, Keith Thompson wrote:
> > gcc-4.4.0.tar.gz.sig was generated with an expired key:
> > 
> > gpg: Signature made Tue 21 Apr 2009 07:35:29 AM PDT using DSA key ID C3C45C06
> > gpg: Good signature from "Jakub Jelinek <jakub@redhat.com>"
> > gpg: Note: This key has expired!
> > Primary key fingerprint: 33C2 35A3 4C46 AA3F FB29  3709 A328 C3A2 C3C4 5C06
> > 
> > I'm using ftp://ftp.gnu.org/gnu/gnu-keyring.gpg, downloaded after I
> > downloaded gcc-4.4.0.tar.gz.sig.
> 
> I've extended its expiration before the release.  Just
> gpg --keyserver hkp://pgp.mit.edu/ --recv-keys C3C45C06

Ok.

Rather than importing all those signatures from a keyserver, I
always check signatures for GNU software against a downloaded copy
of gnu-keyring.gpg.  Presumably gnu-keyring.gpg will be updated Real
Soon Now, so there should be no problem.

-- 
Keith Thompson (The_Other_Keith) kst@mib.org  <http://www.ghoti.net/~kst>
Nokia
"We must do something.  This is something.  Therefore, we must do this."
    -- Antony Jay and Jonathan Lynn, "Yes Minister"

References:
- gcc-4.4.0.tar.gz.sig, expired key
  - From: Keith Thompson
- Re: gcc-4.4.0.tar.gz.sig, expired key
  - From: Jakub Jelinek

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]