thr3ads.net - Xen users - [Xen-users] PGP key for signature on xen-4.0.0.tar.gz [Apr 2010]

If this information is useful, please help other people find it:
Share via:

Ralf Philipp Weinmann

2010-Apr-07 22:28 UTC

[Xen-users] PGP key for signature on xen-4.0.0.tar.gz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi *,

I''ve been wanting to play with the xen-4.0.0 release. Having downloaded
the
xen-4.0.0 tarball and the corresponding digital signature from [1], I tried
to verify the signature of the tarball using GnuPG:

- -- snip --

$ gpg --verify  xen-4.0.0.tar.gz.sig
gpg: Signature made Wed 07 Apr 2010 06:14:55 PM CEST using RSA key ID 57E82BD9
gpg: Can''t check signature: public key not found

- -- snap --

I can''t find this key anywhere. Neither on xen.org nor on the
xensource.com
pages. Nothing on the key servers either.  How are Xen users supposed to verify
the authenticity of the released sources if the signing key isn''t
published
anywhere?

Here are the SHA-1 checksums of the files I downloaded:

SHA1(xen-4.0.0.tar.gz)= bf2430c896aed0deae99b1b8c3fa73e8aaf125ee
SHA1(xen-4.0.0.tar.gz.sig)= fb0b20c9a90615b9299af026f25dd48cfe1b11f8

Cheers,
Ralf

[1] Xen Hypervisor 4.0.0 Download
    http://www.xen.org/products/xen_source.html
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAku9BvQACgkQFZzr6u/Nmwa+oACePBipKNKHrH6bhyrK3zORvfTi
/skAoJPE8gZc152zK5B+L7x1xRYfz8JM
=kfaA
-----END PGP SIGNATURE-----

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Pasi Kärkkäinen

2010-Apr-08 14:25 UTC

head link

Re: [Xen-users] PGP key for signature on xen-4.0.0.tar.gz

Hello,

Added xen-devel to CC..

-- Pasi

On Thu, Apr 08, 2010 at 12:28:05AM +0200, Ralf Philipp Weinmann
wrote:> Hi *,
> 
> I''ve been wanting to play with the xen-4.0.0 release. Having
downloaded the
> xen-4.0.0 tarball and the corresponding digital signature from [1], I tried
> to verify the signature of the tarball using GnuPG:
> 
> -- snip --
> 
> $ gpg --verify  xen-4.0.0.tar.gz.sig
> gpg: Signature made Wed 07 Apr 2010 06:14:55 PM CEST using RSA key ID
57E82BD9
> gpg: Can''t check signature: public key not found
> 
> -- snap --
> 
> I can''t find this key anywhere. Neither on xen.org nor on the
xensource.com
> pages. Nothing on the key servers either.  How are Xen users supposed to
verify
> the authenticity of the released sources if the signing key isn''t
published
> anywhere?
> 
> Here are the SHA-1 checksums of the files I downloaded:
> 
> SHA1(xen-4.0.0.tar.gz)= bf2430c896aed0deae99b1b8c3fa73e8aaf125ee
> SHA1(xen-4.0.0.tar.gz.sig)= fb0b20c9a90615b9299af026f25dd48cfe1b11f8
> 
> Cheers,
> Ralf
> 
> [1] Xen Hypervisor 4.0.0 Download
>     http://www.xen.org/products/xen_source.html
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Keir Fraser

2010-Apr-08 14:51 UTC

head link

Re: [Xen-devel] Re: [Xen-users] PGP key for signature on xen-4.0.0.tar.gz

Hi,

The public keys are as follows. This includes the master key, used for
signing the sub keys which sign qemu-xen*.git and xen-*.hg releases,
respectively. So there should be three public keys in total. Ian Jackson is
going to publish these on the xen.org website too.

 -- Keir

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQINBEu7OrwBEADCY30oyubuYEDzYZi3JZXIw220fUaQsKeWmS4C1K+G1SYsoPgO
U01Z8sHZzycgU7nF/bRx75PP1Pq8xq0SC8i7Y66kGtxQQxBy7nz4gMiD9KCK9H2q
ejg9cCuvcirpoHhc0OLurqGUQwWT2fNwAvgCdGRllfNH7L9XwNUcYxKfRFSqobXO
Cl7IAQ/5alxXHhm5BEYjkS/QKWA7NCFmLN4UPxri1pf6S6BcsamZC1qmbcw1LK1E
JMUE2ujS/VLaYkQDaJnvwW9gciKfgWITOO8V8lfJkIL1RT4iop5bRjrMKUnkpMNm
jMWujk00LOyTmBxboNIKXw10lIQKcmlCVM//SR4qzDFgKVkWuI8yo8blrZWYyMQu
LVHLUjdffi+eJ3uVRzvmB+nz9eJOahe0o73Zu1yOTf490f0QonxIF7SMdy15ntX/
SEvxBCUa+5CdUYkgpxSW10ulcT7EQmoFiPqKM6PnvenQLzH12mtMyslYbobAEloo
ZjRravXqjWRlVtEe7GcCQ1RaIY6zCEcjoZpNVlOdWSumf9ASCTrMnStS4PyjaXoP
gRzGumu2Td+okZdBQieFyLPfyYGIe1UY3ZEe9uwPXGJxjbxmbQR4gHCdyvGvAVPV
34rCInvmqUPv6K4BbcIjxBym5S/JmbnHiVOVR5+qIOZdTTaK7Kb8F581VQARAQAB
tFBYZW4ub3JnIG1hc3RlciBrZXkgKGNlcnRpZmljYXRpb24gZm9yIGNvZGUgc2ln
bmluZyBhbmQgb3RoZXIga2V5cykgPHBncEB4ZW4ub3JnPokCNgQTAQIAIAUCS7s6
vAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJELMELbt5utnYi8gP/jcLXn9h
y3yA2NExJWLdqxIObB45T5sUnGCfD6pqKxdgul1qoE4GhNKkeTPwT2mqUS57Ijie
ovSqzk8iGXIDBtUgTXYyTLFTsbt2ypBsban3vgRPud0W5xhYQSufN7MUjnA7UThk
PG+1yjKIPqxt07OeIXakNoLe1IQ/DCjPmcK8Y2Tjtp+/La8qDA8t0LPsbe3FsIz2
S8VZoOSaNa69ipRb2XbH85ZZuBk/q2on3rhYUN7ktilmGPF0YjiE5b/v6vTS7yO6
JlCY/ok9A/v7PStuLIyiMde6IdlxVnZczgvKUW7BsLqT/4f524FBx/uR31A0j9jH
nCwNUgF0ud9ERCj2bpXrdxfZteYFSo4hgl0UoxXjJ6FKSzrTUIsx/wqb+N5O6JPZ
HAGod/Y9+Pa6UFiVfWWHhV/FSQbDsS3FkSK29yX4SDCtnSe+grW4DZKlB9/MKbLg
i0FP+s+zyy00o3yye7SwKEdzaU9aKQJ9/Z5FxOODSz1RV7BNh6EhdWSvg9IIopp8
arTRLNzCnjOEec+Gfa2Jbf91Uu6FfhqalDhDQasMXbTLTtzoA1HpW4h+JIrAgmjN
roQ5Ztw//FBhlw4DysMMGvJ3Q7LvQ19z/t55l6ACxm57uNpxI6AeyvO7cvX5E9BB
cp2znT4/vUrMbgSukGCjFIuo+BemB3oHNDgXiEYEEBECAAYFAku7SIAACgkQcqIM
kQcsO8ezCACdGIM/JwyyosiwbXPkZ7UTrNljWokAni+/DVTalilomIxxDs9cNZQQ
OYAtmQENBEu7PVUBCADN/1+JPpAxp3fDk8jZQ3cUKA3W0maOlyI/4+nlDai1gh83
m9CNuGyY5kYLPBIR/sdG2hN5TVxTcE8qPCD9MivJXzOhBAmhQl0eXra0qmBBNu9k
v+ZPqtPORPg2Jch1zZL5jOMawIE0xARZPgu21rPKNJo7V+HejWAHh0/LfFxzzI8L
Z1LJACUuHEgfDJEi+u2wxDfjVaTO8HluNXm4TUIr16ExTx+61VDIE9qd3ikXkHgj
p8xFsH0qG5IfcFDTPx9L2Fyk0utTnuNW014P4R31n32U9OolFm1MyOzWrMwVBoTi
34aEnJRT6Aq/WaRfhjIWWkxhWnUgFbPPjMAkWL9fABEBAAG0WFhlbi5vcmcgWGVu
IHRyZWUgY29kZSBzaWduaW5nIChzaWduYXR1cmVzIG9uIHRoZSB4ZW4gaHlwZXJ2
aXNvciBhbmQgdG9vbHMpIDxwZ3BAeGVuLm9yZz6JATYEEwECACAFAku7PVUCGwMG
CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCD/hTJV+gr2WzLB/407NC1PxqLka5I
z+9XjrhDf49du4WDW3g5kzXJSM9DyIbNDo7GuIbupz2ZCri54hwUoEqNzB8GGGM7
oqmghTeCbaEQGT7VaVD7Bo/6oF3koEgb9IClpEziHaagLZSQr6NkICNqguvLUQ5a
2iwMl9RK7fxxsfLgCeOGuEaK4QZkiblrdDYhLi65VqESXnIfxu1TuoAtAi82sZsc
Ltx7k32agmJ5zRFILMwIvikoXWVDGZMH37haXeh/PqYLhaiGhrF0CFgRtfhVQovZ
HYjexJnvDMc++ZykJ5hLD/ndafbgsyLotuJnt1xlz8PXau3AgyF2b/oquUou8zD5
u+ku+GMniQIcBBABAgAGBQJLu0hUAAoJELMELbt5utnYmP0P/1mYZ/ZBOukSkSte
k8/gPk90j6gFoEtnUCQJV3gan4oB+d+7dgJJg2F+l29yu29c3rGVSwqeeasjxRSZ
MchG6BJYVeSufxIielTnlrR2pv4W4hoPsAlrEupOjOLk6ibfNncLg4iKAaLXSF0M
wD08GngyYVQZyB3cCn+9FpVBSrzqrcrBQTns4k5Cm2//jJyL6cfinDvn3vaJ196X
YJBQcjPm/dUoMFsqajQx7r75whSVKVYitLw5dBCvFPFdLpIz2yMDnY4p5FKsmXfM
Sdyc6QpNVeXDknEh2jU6gnTUmOBBCG7M6EIe/fnj1moK7RyP1sP/DAjpIUYcnAwd
zo0T9AUMfzEB/s+xBFRilsedTtilJh6/bZwSIAChtcPDn8pxCLo4ic/PcqIMX7qE
445ItfMZP+z0QX/I9qroCECbh3WXks/gNo4HgIBVbCErSfdteqEWPkt2wZwpjbzC
ONArJWtsuJxiaZMtUrMXr/wYPMFBehNFYvf4pu+FVwGdSZQvKYXcM4qdIts0MOgK
5vb7HYD6iu/ZGfAAKcjQIW6P36uoU+7lZ337Oxy7YCIF+N8typOrWbg72VJsZZ4M
6zJvSL3JmpvlKc06GOEWsnSOCokbTTXHQlKd9JUhA5FLNS5T/d2RHyPxE4uvvUy4
hcudS7OIRuqcs8aSYrz+EabNqp1vmQENBEu7PYwBCACwG7MyFYjCre3TomOabscE
q9Q714qFLnU6l6ZSGlDvJnNYaP0CvC8Cm5pJ0BrJxqoF8C1DqYOtF8jB8w4uJnKk
R72xh+QNgqlOVcQD9jKmP79WmW+1QX4wmLTHOkQuZbFfWUUaAa99FpVmhyW8GvnR
UszeIRqrLzT6OJIFlac1R7IEQdxyVbq2oqU5gqtfM4WGRGCsHpgAIEtxp9g9y8s6
D/eF8xFiv4iUiRx/9ztTrIFvTYhnnQHl8+krdAqKykG+WMQ23Kld4YNSfnznC8IA
7nz90/nvjN9bByAt4JerAAx0yyQy48kwn6qkVobA85yWFUdIcAC0FutIAKm/EwFt
ABEBAAG0Tlhlbi5vcmcgcWVtdS14ZW4gY29kZSBzaWduaW5nIChzaWduYXR1cmVz
IG9uIHFlbXUteGVuIGFrYSBpb2VtdSkgPHBncEB4ZW4ub3JnPokBNgQTAQIAIAUC
S7s9jAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEDbIFxfY27E2F00H/Rju
lYG4G7GWyl+O9QWBd63Fr/HRy3p5ODbreDvnk9zx/k/dj2rts2a1F4d7/OlTUHXx
JbjR7Nmoj9dWDsaE9g9HRYeUIYbiV+z6l5Njk3APqTGrFqKT76fRRZO6PwLyOHs/
EET33FZsPXua23ZRnlUvihfKsjO4Od7RUAbUmAUNOXOMm0B2mWfmf2/BmYomnQCM
1UmhShODtSBaBnBnhNQTDo/F9T9+Kfz06iirhuGPCgTn1kDuD0EmrxoFwaIbL/QH
+Mhtm7+q0rE1ao0GVrcIgwWxrKibL6jwQHt2sQ4fWEH+JoHNC5MtFqb/NIIPEbpk
NijqKuZDHMfLE2R3Y26JAhwEEAECAAYFAku7SF0ACgkQswQtu3m62dgZJRAAlX6g
5CaYewCvAFpuDOA+Umm45xLiK4xD21Nm/iojFbHqtIogZvVwmUupFSczJx68bV7H
a9DKX/fHLtFaP1f5P+tDCYbdoff9gOpXlJQGhizCS5aT+fGigjjDgVc7erYks4cp
rhKr0nOMvoKAE+J/hky6hA2cqfyoPv20Wif1lqaKzQXwL0qo6TsT6/giRB6hOsQO
YLS62twRjbquuH+uO3kkuWbNQpHnf7XMzptUjeXnm8mW36LxZX0Lm1B/R9mXPB0q
xax3GZMb960BbpOx3e0N+uxVJsGpEndiNifNuXeUakhJPGcIinKGsJZNYgVDUPMO
Txf/QEg0zf/CgEJ2VxUl8QeHCbWtbABZMT3yak6FSvo+/Fy/AzMquKC6oFvHleeo
MigjXI2eK/rsAk94sfkVneaZfM18tUPq8Ieq8YQfyXuXkouxULJ1D3Kh17QTOMPe
ipOUN4DvgWHP538YHoGsdIP4T4ZO8VoV7sxlsf8/GcfQoJNK0aXiz0WeEAf8sCk3
SvXZZOo/dg1wwCybGnRPdDccpDmy/z7D+tMAgqn7e6bDiz3CqQxnfyealpVvV9I1
D9ulM0dCbTB4K+4S8ziKVLGIJ55wHq5VUhQSnWISiKE5NZh/Yt1+BAvuYrTu+pBi
GuDcc1dXNLzyR+lb9IV7oL6a2Mm3EbwGisQMRPQ=iNga
-----END PGP PUBLIC KEY BLOCK-----

On 08/04/2010 15:25, "Pasi Kärkkäinen" <pasik@iki.fi> wrote:
> Hello,
> 
> Added xen-devel to CC..
> 
> -- Pasi
> 
> On Thu, Apr 08, 2010 at 12:28:05AM +0200, Ralf Philipp Weinmann wrote:
>> Hi *,
>> 
>> I''ve been wanting to play with the xen-4.0.0 release. Having
downloaded the
>> xen-4.0.0 tarball and the corresponding digital signature from [1], I
tried
>> to verify the signature of the tarball using GnuPG:
>> 
>> -- snip --
>> 
>> $ gpg --verify  xen-4.0.0.tar.gz.sig
>> gpg: Signature made Wed 07 Apr 2010 06:14:55 PM CEST using RSA key ID
>> 57E82BD9
>> gpg: Can''t check signature: public key not found
>> 
>> -- snap --
>> 
>> I can''t find this key anywhere. Neither on xen.org nor on the
xensource.com
>> pages. Nothing on the key servers either.  How are Xen users supposed
to
>> verify
>> the authenticity of the released sources if the signing key
isn''t published
>> anywhere?
>> 
>> Here are the SHA-1 checksums of the files I downloaded:
>> 
>> SHA1(xen-4.0.0.tar.gz)= bf2430c896aed0deae99b1b8c3fa73e8aaf125ee
>> SHA1(xen-4.0.0.tar.gz.sig)= fb0b20c9a90615b9299af026f25dd48cfe1b11f8
>> 
>> Cheers,
>> Ralf
>> 
>> [1] Xen Hypervisor 4.0.0 Download
>>     http://www.xen.org/products/xen_source.html
>> 
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@lists.xensource.com
>> http://lists.xensource.com/xen-users
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Xen users - Apr 2010 - PGP key for signature on xen-4.0.0.tar.gz

[Xen-users] PGP key for signature on xen-4.0.0.tar.gz

Re: [Xen-users] PGP key for signature on xen-4.0.0.tar.gz

Re: [Xen-devel] Re: [Xen-users] PGP key for signature on xen-4.0.0.tar.gz