Hi all!

    I have a potentially silly question: I would like to use the coreboot 4.6 release from the coreboot.org website. To be sure i would like to verify the GPG signature. Where can I find the appropriate public key(s) for the verification?

Why are there two signatures in the GPG signature file (for release 4.6) and why do the signature dates differ from the release date (according to the website)?

Thanks and apologies if I overlooked/misinterpreted something,

László