[Gpg4win-users-en] WKD for OpenPGP certificate "Intevation File Distribution Key <distribution-key at intevation.de>"
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jul 31 03:28:10 CEST 2019
Hi gpg4win folks--
https://www.gpg4win.org/package-integrity.html suggests that there are
two OpenPGP certificates that might be used to verify the integrity of
gpg4win releases.
Fetching those certificates and looking at them, i notice that the
user ID on both certificates is:
Intevation File Distribution Key <distribution-key at intevation.de>
When i tried to fetch them via WKD, though, only the older certificate
is returned:
0 $ gpg --locate-key distribution-key at intevation.de
gpg: key 7CBD620BEC70B1B8: public key "Intevation File Distribution Key <distribution-key at intevation.de>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
pub dsa1024 2010-03-19 [SC] [expires: 2020-03-16]
61AC3F5EE4BE593C13D68B1E7CBD620BEC70B1B8
uid [ unknown] Intevation File Distribution Key <distribution-key at intevation.de>
0 $
I think it would make more sense to publish both certificates in WKD,
rather than just the older one.
Could you make that change?
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20190730/fc9663f3/attachment.sig>
More information about the Gpg4win-users-en
mailing list