expired GPG key for TeX Live 2020
dany111 at email.it
dany111 at email.it
Wed May 6 17:49:45 CEST 2020
Hi,
as I said in the first message, I downloaded texlive2020.iso. When I verify the sha512 with gpg signature, I receive this message
gpg: Signature made 04/06/20 15:40:20 ora legale Europa occidentale
gpg: using RSA key 4CE1877E19438C70
gpg: Good signature from "TeX Live Distribution <tex-live at tug.org>" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: C78B 82D8 C795 12F7 9CC0 D7C8 0D5E 5D91 06BA B6BC
Subkey fingerprint: D8F2 F860 57A8 57E4 2A88 106A 4CE1 877E 1943 8C70
I refreshed keys from gpg but nothing changed. Then I tried to retrieve the keys from other keyservers, given that in another message (https://tug.org/pipermail/tex-live/2020-April/045332.html) I read that the expired key was renewed so I thought it was my problem.
Given that I don't have tlmgr yet, where could I get the correct key to import and verify the sha512 with gpg signature?
Best regards
------
Hi,
> I thought the key is always updated all the key servers. However, even though I import the key from this keyserver again, gpg always tells me that the key used for the signature has expired. I don't know how to proceed.
We don't use any keyservers for verification in TeX Live. Thus,
keyservers **might** be up to date or not. As I said already, we *ship*
the public key.
How to you check the verification status? Do you use tlmgr? If yes, then
it should use the --homedir where we ship the public key.
Which version of TeX Live are you using.
Norbert
--
PREINING Norbert https://www.preining.info
Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
More information about the tex-live
mailing list.