14 May
2019
14 May
'19
8:34 p.m.
Hi all,
I'm about to embark on a coreboot build+flash per Mike Banon's G505s page, but before building I want to verify signatures for the source. These appear in only one place, on the coreboot.org Downloads page, and are signed with the key:
D861AB74FB933260193399696B249D77269C04E1
The only problem is there is apparently no mention of the signing key anywhere else on the coreboot website. I usually look for some explicit, official reference (preferably in multiple contexts) to a person or org's key ID before downloading it from a keyserver. Taking the key ID from an object signature doesn't satisfy that requirement.
--
Chris Laprise, tasket@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886