Hi Laszlo,
you can find the keys on the public key servern. I've attached the fingerprints, but gpg can also show you when trying to verify it.
Why are there two signatures in the GPG signature file (for release 4.6) and why do the signature dates differ from the release date (according to the website)?
More signatures are better ;). Choose your own trust anchor. I've signed it after it was released.
Best, lynxis
Alexander Couzens lynxis@fe80.eu Key fingerprint = 390D CF78 8BF9 AA50 4F8F F1E2 C29E 9DA6 A0DF 8604
Martin Roth (coreboot developer) martin@coreboot.org Key fingerprint = 574C E6F6 855C FDEB 7D36 8E9D 1979 6C2B 3E4F 7DF7
Hi Iynxis, thanks a lot for the information and the quick reply! Also, sorry for the basic and not exactly coreboot related question. Cheers, László
-------- Original Message -------- Subject: Re: [coreboot] GPG public key for corboot release signatures Local Time: June 24, 2017 9:50 PM UTC Time: June 24, 2017 7:50 PM From: lynxis@fe80.eu To: coreboot@coreboot.org coreboot@coreboot.org László Szücs laszlo.szucs@protonmail.com Hi Laszlo, you can find the keys on the public key servern. I"ve attached the fingerprints, but gpg can also show you when trying to verify it. > Why are there two signatures in the GPG signature file (for release > 4.6) and why do the signature dates differ from the release date > (according to the website)? More signatures are better ;). Choose your own trust anchor. I"ve signed it after it was released. Best, lynxis Alexander Couzens Key fingerprint = 390D CF78 8BF9 AA50 4F8F F1E2 C29E 9DA6 A0DF 8604 Martin Roth (coreboot developer) Key fingerprint = 574C E6F6 855C FDEB 7D36 8E9D 1979 6C2B 3E4F 7DF7 -- Alexander Couzens mail: lynxis@fe80.eu jabber: lynxis@fe80.eu mobile: +4915123277221 gpg: 390D CF78 8BF9 AA50 4F8F F1E2 C29E 9DA6 A0DF 8604