[Libreoffice-bugs] [Bug 125780] Public key for verifying signature of AppImage packages not uploaded to key server(s) !
bugzilla-daemon at bugs.documentfoundation.org
bugzilla-daemon at bugs.documentfoundation.org
Tue May 26 18:49:00 UTC 2020
https://bugs.documentfoundation.org/show_bug.cgi?id=125780
Fernando <rapettif at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|FIXED |---
Status|RESOLVED |REOPENED
Ever confirmed|0 |1
--- Comment #5 from Fernando <rapettif at gmail.com> ---
Hi,
I just downloaded the LibreOffice AppImage, and had to search a lot for the
public key, until i finally did this:
$ gpg2 --keyserver hkp://keys.gnupg.net --search-keys libreoffice.org
And even then, the result was this:
$ gpg2 --verify LibreOffice-still.standard-x86_64.AppImage.asc
gpg: asumiendo que los datos firmados están en
'LibreOffice-still.standard-x86_64.AppImage'
gpg: Firmado el mié 06 may 2020 09:13:32 -03
gpg: usando RSA clave D4761B78E365B53D
gpg: Firma correcta de "Antonio Faccioli (LibreOffice AppImage Package)
<antonio.faccioli at libreoffice.org>" [desconocido]
gpg: ATENCIÓN: ¡Esta clave no está certificada por una firma de confianza!
gpg: No hay indicios de que la firma pertenezca al propietario.
Huellas dactilares de la clave primaria: DA5E 52F8 C6C9 DC6F 1473 E903 D476
1B78 E365 B53D
So, i don't see how is this fixed. It's supposed to bring trust, otherwise why
not just publish the SHA256, that at least is easy to verify, and doesn't shows
warnings everywhere?
Regards
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20200526/84a12e19/attachment.htm>
More information about the Libreoffice-bugs
mailing list