|
|
|
|
|
|
by zobzu
4700 days ago
|
|
|
the primary key is 2B90 598A 745E 992F 315E 22C5 8AB1 3296 3A06 537A not 5445 390E F5D0 C2EC FB8A 6201 057C C3EB 15A0 A4BC if you search for the primary its there (at least it's on pgp.mit.edu as far as I can see)
it's the primary that you need to trust for the trust to work For FF 23: gpg --verify SHA1SUMS.asc
gpg: Signature made Tue 30 Jul 2013 09:32:39 PM PDT using RSA key ID 15A0A4BC
gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2B90 598A 745E 992F 315E 22C5 8AB1 3296 3A06 537A
Subkey fingerprint: 5445 390E F5D0 C2EC FB8A 6201 057C C3EB 15A0 A4BC gpg --sign-key 0x8AB132963A06537A gpg --verify SHA1SUMS.asc
gpg: Signature made Tue 30 Jul 2013 09:32:39 PM PDT using RSA key ID 15A0A4BC
gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>" It is however, indeed, only self-signed right now as far as I can see. |
|
|
Curiously, the 1024 bit DSA key used for some previous releases (0x7f4d66451ebcab3a) has been signed by "Someone at Mozilla Should Sign the Release Key (so users can verify the key's owner!) <anonymous@lulz.example.com>".