Does anyone know where to find the ISC signing keys for source packages?
torinthiel at data.pl
Tue Dec 28 21:17:02 UTC 2010
Thomas Schulz pisze:
>> On 12/23/2010 4:09 PM, Casey Deccio wrote:
>>> On Thu, Dec 23, 2010 at 12:49 PM, Oisin McGuinness<oisin at smbc-cm.com> wrote:
>>>> But I can't find any reference to current PGP or other signing keys; does
>>>> anyone know where to find
>>>> them on the www.isc.org web site or where to obtain them otherwise?
>> https://www.isc.org/about/openpgp will work as well.
> It looks like I am a little dim today. Given gpg and the key, what steps
> do I do to verify a source package?
First, you get the tarball and the signature from isc.org (say
Second, you issue
gpg --verify bind-9.7.2-P3.tar.gz.asc bind-9.7.2-P3.tar.gz
might work with only the signed name (gpg --verify
bind-9.7.2-P3.tar.gz.asc), I'm not sure how about this case.
More information about the bind-users