Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 07-01-2010, 02:03 AM   #1
Registered: Jun 2010
Distribution: Fedora
Posts: 289

Rep: Reputation: 41
Where is GNU's public key?

I can't find GNU's public key anywhere. I searched on and I googled, and I can't find their public key.
Old 07-01-2010, 02:17 AM   #2
Registered: Apr 2010
Location: Johannesburg
Distribution: Fedora 14, RHEL 5.5, CentOS 5.5, Ubuntu 10.04
Posts: 559

Rep: Reputation: 92

Is this what you're looking for -
Old 07-01-2010, 02:28 AM   #3
Registered: Jun 2010
Distribution: Fedora
Posts: 289

Original Poster
Rep: Reputation: 41
I guess so... I saw that, but since it said "usenet" I thought it was some specific public key and not the general public key...
EDIT: Nope. That's not it.

To automatically create new gnu.* newsgroups and remove defunct ones, please honor all control messages in gnu.* from that are signed by the corresponding GPG public key (see below). The INN control.ctl entry is:

## GNU (Free Software Foundation)
# Contact:
# URL:
# Key URL:
# Key Fingerprint = C006 C321 A9A6 635D 0F6D AEB2 7358 FE1D F904 5B7D***

A very long time ago, control messages used to be sent from or from; these addresses are now entirely obsolete.

All control messages in the gnu.* hierarchy are signed with a GPG signature using the GNU Privacy Guard (GnuPG). News servers should have a mechanism that allows them to verify those signatures; see your news server documentation.

Download the gnu.* PGP public key.

Last edited by pr_deltoid; 07-01-2010 at 02:40 AM.
Old 09-26-2014, 07:57 AM   #4
LQ Newbie
Registered: Nov 2011
Location: QLD, Australia
Distribution: Puppy Linux
Posts: 19

Rep: Reputation: Disabled
I've just been pratting around for about an hour trying to verify the latest version of bash and its patches from (after hearing about the shellshock bug and wanting to protect myself). I couldn't find the gnu public key anywhere.

I eventually found a question on at
which has a great answer which included where to find the Gnu public keys:
After downloading them you tell gpg of their existence by:
gpg --import gnu-keyring.gpg

After all this it still doesn't tell you if the signature is trustworthy, nor does it seem to do any check on the file itself (though I could be wrong there).

I don't know why the sha-1 or md5sum systems are not considered good enough. It doesn't seem very secure to use a security system that is not explained in a note on the site. It kinda renders it useless. When I looked for gpg documentation I found a massive manual that goes to the other extreme of burying the user in too much information. I wonder how many people will wade through all that in order to use it.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Public key, private key explained calande Linux - Security 3 06-12-2008 05:23 AM
Revoking GPG key with only passphrase and public key djib Linux - Security 2 03-13-2007 03:20 AM
GPG Data, Secret Key but no Public Key? Aeiri Linux - Software 5 07-20-2004 06:00 PM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 07:25 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:26 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration