Broken signature for 0.6.1

Question

Broken signature for 0.6.1

Closed this issue 6 years ago · 3 comments

It seems like you accidentally created a standard signature instead of a detached signature:

gpg: Signature made Wed 25 Jul 2018 12:06:59 AM CEST
gpg:                using RSA key CB94E3AA3B1755D61EBB19A5F66E3E419F84F4DE
gpg: Good signature from "Iustin Pop <iustin@k1024.org>" [unknown]
gpg:                 aka "Iustin Pop <iusty@k1024.org>" [unknown]
gpg:                 aka "Iustin Pop <iustin@debian.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: CB94 E3AA 3B17 55D6 1EBB  19A5 F66E 3E41 9F84 F4DE
gpg: WARNING: not a detached signature; file 'pyxattr-0.6.1.tar.gz' was NOT verified!

Answer 1 · 2018-10-04T12:42:14.000Z

Oops, sorry for that. Yes, my bash history confirms I forgot -b to the gpg invokation.

All fixed now, thanks!

Answer 2 · 2018-10-12T17:06:08.000Z

It seems like you forgot to fix the signature on https://pyxattr.k1024.org/downloads/ as well...

Answer 3 · 2018-10-12T21:05:33.000Z

Indeed, thanks for the note! Fixed now.