WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] PGP key for signature on xen-4.0.0.tar.gz

To: Ralf Philipp Weinmann <ralf@xxxxxxxxxxxxxx>
Subject: Re: [Xen-users] PGP key for signature on xen-4.0.0.tar.gz
From: Pasi Kärkkäinen <pasik@xxxxxx>
Date: Thu, 8 Apr 2010 17:25:59 +0300
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 08 Apr 2010 07:30:18 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20100407222804.GA60106@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20100407222804.GA60106@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17)
Hello,

Added xen-devel to CC..

-- Pasi

On Thu, Apr 08, 2010 at 12:28:05AM +0200, Ralf Philipp Weinmann wrote:
> Hi *,
> 
> I've been wanting to play with the xen-4.0.0 release. Having downloaded the
> xen-4.0.0 tarball and the corresponding digital signature from [1], I tried
> to verify the signature of the tarball using GnuPG:
> 
> -- snip --
> 
> $ gpg --verify  xen-4.0.0.tar.gz.sig
> gpg: Signature made Wed 07 Apr 2010 06:14:55 PM CEST using RSA key ID 57E82BD9
> gpg: Can't check signature: public key not found
> 
> -- snap --
> 
> I can't find this key anywhere. Neither on xen.org nor on the xensource.com
> pages. Nothing on the key servers either.  How are Xen users supposed to 
> verify
> the authenticity of the released sources if the signing key isn't published
> anywhere?
> 
> Here are the SHA-1 checksums of the files I downloaded:
> 
> SHA1(xen-4.0.0.tar.gz)= bf2430c896aed0deae99b1b8c3fa73e8aaf125ee
> SHA1(xen-4.0.0.tar.gz.sig)= fb0b20c9a90615b9299af026f25dd48cfe1b11f8
> 
> Cheers,
> Ralf
> 
> [1] Xen Hypervisor 4.0.0 Download
>     http://www.xen.org/products/xen_source.html
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>