This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: gcc-4.4.0.tar.gz.sig, expired key
On Fri, Apr 24, 2009 at 12:31:43PM +0200, Jakub Jelinek wrote:
> On Thu, Apr 23, 2009 at 08:09:55PM -0700, Keith Thompson wrote:
> > gcc-4.4.0.tar.gz.sig was generated with an expired key:
> >
> > gpg: Signature made Tue 21 Apr 2009 07:35:29 AM PDT using DSA key ID C3C45C06
> > gpg: Good signature from "Jakub Jelinek <jakub@redhat.com>"
> > gpg: Note: This key has expired!
> > Primary key fingerprint: 33C2 35A3 4C46 AA3F FB29 3709 A328 C3A2 C3C4 5C06
> >
> > I'm using ftp://ftp.gnu.org/gnu/gnu-keyring.gpg, downloaded after I
> > downloaded gcc-4.4.0.tar.gz.sig.
>
> I've extended its expiration before the release. Just
> gpg --keyserver hkp://pgp.mit.edu/ --recv-keys C3C45C06
Ok.
Rather than importing all those signatures from a keyserver, I
always check signatures for GNU software against a downloaded copy
of gnu-keyring.gpg. Presumably gnu-keyring.gpg will be updated Real
Soon Now, so there should be no problem.
--
Keith Thompson (The_Other_Keith) kst@mib.org <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"