LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 07-01-2010, 03:03 AM   #1
pr_deltoid
Member
 
Registered: Jun 2010
Distribution: Fedora
Posts: 289

Rep: Reputation: 41
Where is GNU's public key?


I can't find GNU's public key anywhere. I searched on ftp.gnu.org and I googled, and I can't find their public key.
 
Old 07-01-2010, 03:17 AM   #2
alli_yas
Member
 
Registered: Apr 2010
Location: Johannesburg
Distribution: Fedora 14, RHEL 5.5, CentOS 5.5, Ubuntu 10.04
Posts: 559

Rep: Reputation: 92
Hi

Is this what you're looking for - http://www.gnu.org/usenet/usenet-gpg-key.txt
 
Old 07-01-2010, 03:28 AM   #3
pr_deltoid
Member
 
Registered: Jun 2010
Distribution: Fedora
Posts: 289

Original Poster
Rep: Reputation: 41
I guess so... I saw that, but since it said "usenet" I thought it was some specific public key and not the general public key...
EDIT: Nope. That's not it.

Quote:
To automatically create new gnu.* newsgroups and remove defunct ones, please honor all control messages in gnu.* from usenet@gnu.org that are signed by the corresponding GPG public key (see below). The INN control.ctl entry is:

## GNU (Free Software Foundation)
# Contact: usenet@gnu.org
# URL: http://www.gnu.org/usenet/usenet.html
# Key URL: http://www.gnu.org/usenet/usenet-gpg-key.txt
# Key Fingerprint = C006 C321 A9A6 635D 0F6D AEB2 7358 FE1D F904 5B7D
checkgroups:usenet@gnu.org:gnu.*:verify-usenet@gnu.org
newgroup:usenet@gnu.org:gnu.*:verify-usenet@gnu.org
rmgroup:usenet@gnu.org:gnu.*:verify-usenet@gnu.org

A very long time ago, control messages used to be sent from gnu@prep.ai.mit.edu or from news@prep.ai.mit.edu; these addresses are now entirely obsolete.

All control messages in the gnu.* hierarchy are signed with a GPG signature using the GNU Privacy Guard (GnuPG). News servers should have a mechanism that allows them to verify those signatures; see your news server documentation.

Download the gnu.* PGP public key.

Last edited by pr_deltoid; 07-01-2010 at 03:40 AM.
 
Old 09-26-2014, 08:57 AM   #4
miriam-e
LQ Newbie
 
Registered: Nov 2011
Location: QLD, Australia
Distribution: Puppy Linux
Posts: 15

Rep: Reputation: Disabled
I've just been pratting around for about an hour trying to verify the latest version of bash and its patches from ftp.gnu.org (after hearing about the shellshock bug and wanting to protect myself). I couldn't find the gnu public key anywhere.

I eventually found a question on stackoverflow.com at
http://stackoverflow.com/questions/5...-for-gnu-emacs
which has a great answer which included where to find the Gnu public keys:
http://ftp.gnu.org/gnu/gnu-keyring.gpg
After downloading them you tell gpg of their existence by:
gpg --import gnu-keyring.gpg

After all this it still doesn't tell you if the signature is trustworthy, nor does it seem to do any check on the file itself (though I could be wrong there).

I don't know why the sha-1 or md5sum systems are not considered good enough. It doesn't seem very secure to use a security system that is not explained in a note on the site. It kinda renders it useless. When I looked for gpg documentation I found a massive manual that goes to the other extreme of burying the user in too much information. I wonder how many people will wade through all that in order to use it.
[sigh]
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Public key, private key explained calande Linux - Security 3 06-12-2008 06:23 AM
Revoking GPG key with only passphrase and public key djib Linux - Security 2 03-13-2007 04:20 AM
GPG Data, Secret Key but no Public Key? Aeiri Linux - Software 5 07-20-2004 07:00 PM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 08:25 AM


All times are GMT -5. The time now is 08:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration