Hi all,
I'm about to embark on a coreboot build+flash per Mike Banon's G505s
page, but before building I want to verify signatures for the source.
These appear in only one place, on the coreboot.org Downloads page, and
are signed with the key:
D861AB74FB933260193399696B249D77269C04E1
The only problem is there is apparently no mention of the signing key
anywhere else on the coreboot website. I usually look for some explicit,
official reference (preferably in multiple contexts) to a person or
org's key ID before downloading it from a keyserver. Taking the key ID
from an object signature doesn't satisfy that requirement.
--
Chris Laprise, tasket@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-leave@coreboot.org