Hi Chris, I'll get my public key uploaded to the website shortly. Thanks for pointing out the issue. Martin
On Tue, May 14, 2019 at 12:34 PM Chris Laprise tasket@posteo.net wrote:
Hi all,
I'm about to embark on a coreboot build+flash per Mike Banon's G505s page, but before building I want to verify signatures for the source. These appear in only one place, on the coreboot.org Downloads page, and are signed with the key:
D861AB74FB933260193399696B249D77269C04E1
The only problem is there is apparently no mention of the signing key anywhere else on the coreboot website. I usually look for some explicit, official reference (preferably in multiple contexts) to a person or org's key ID before downloading it from a keyserver. Taking the key ID from an object signature doesn't satisfy that requirement.
--
Chris Laprise, tasket@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 _______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org