[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] PGP key for signature on xen-4.0.0.tar.gz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi *,

I've been wanting to play with the xen-4.0.0 release. Having downloaded the
xen-4.0.0 tarball and the corresponding digital signature from [1], I tried
to verify the signature of the tarball using GnuPG:

- -- snip --

$ gpg --verify  xen-4.0.0.tar.gz.sig
gpg: Signature made Wed 07 Apr 2010 06:14:55 PM CEST using RSA key ID 57E82BD9
gpg: Can't check signature: public key not found

- -- snap --

I can't find this key anywhere. Neither on xen.org nor on the xensource.com
pages. Nothing on the key servers either.  How are Xen users supposed to verify
the authenticity of the released sources if the signing key isn't published
anywhere?

Here are the SHA-1 checksums of the files I downloaded:

SHA1(xen-4.0.0.tar.gz)= bf2430c896aed0deae99b1b8c3fa73e8aaf125ee
SHA1(xen-4.0.0.tar.gz.sig)= fb0b20c9a90615b9299af026f25dd48cfe1b11f8

Cheers,
Ralf

[1] Xen Hypervisor 4.0.0 Download
    http://www.xen.org/products/xen_source.html
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAku9BvQACgkQFZzr6u/Nmwa+oACePBipKNKHrH6bhyrK3zORvfTi
/skAoJPE8gZc152zK5B+L7x1xRYfz8JM
=kfaA
-----END PGP SIGNATURE-----

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.