brave/tor_build_scripts

Check zlib developer GPG signature

Closed this issue · 0 comments

zlib releases are signed by Mark Adler:

```
$ gpg --verify zlib-1.2.13.tar.gz.asc
gpg: assuming signed data in 'zlib-1.2.13.tar.gz'
gpg: Signature made Thu 13 Oct 2022 01:45:13 PM PDT
gpg:                using DSA key 5ED46A6721D365587791E2AA783FCD8E58BCAFBA
gpg: Good signature from "Mark Adler <madler@alumni.caltech.edu>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5ED4 6A67 21D3 6558 7791  E2AA 783F CD8E 58BC AFBA
```
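
The output above shows a good signature from a key gpg marks `[unknown]`, so a build script that relies on it has to pin the signer by fingerprint rather than by the name in the "Good signature" line. The following is an added example, not code from this repository: it accepts a tarball only when gpg's machine-readable status names the fingerprint shown in this issue. The script name, the key file argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pin the zlib signer by fingerprint instead of trusting
# the human-readable "Good signature" line.

# Primary key fingerprint, copied from the gpg output in this issue.
ZLIB_FPR=5ED46A6721D365587791E2AA783FCD8E58BCAFBA

# Reads `gpg --status-fd` lines on stdin; $1 is the pinned fingerprint.
# Succeeds only if gpg reported GOODSIG (valid signature, key neither
# expired nor revoked) and every VALIDSIG line carries the pinned
# primary key fingerprint in its last field. Anything else fails closed.
status_is_pinned_signer() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" { if ($NF == want) ok++; else bad++ }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad++ }
        END { exit !(good && ok > 0 && bad == 0) }
    '
}

# verify_zlib TARBALL SIGNATURE KEYFILE
# KEYFILE is a copy of the signer's public key kept next to the build
# scripts (assumption: this example never fetches keys over the network).
# A throwaway keyring keeps the check independent of the user's own.
verify_zlib() {
    home=$(mktemp -d) || return 1
    gpg --homedir "$home" --batch --quiet --import "$3" 2>/dev/null &&
    gpg --homedir "$home" --batch --status-fd 1 --verify "$2" "$1" \
        2>/dev/null | status_is_pinned_signer "$ZLIB_FPR"
    rc=$?
    rm -rf "$home"
    return "$rc"
}

# Hypothetical usage:
#   sh verify-zlib.sh zlib-1.2.13.tar.gz zlib-1.2.13.tar.gz.asc madler.asc
if [ "$#" -eq 3 ]; then verify_zlib "$@"; fi
```

The pinned value should be compared against a copy of the fingerprint obtained independently of the download location before it is committed to the build scripts.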