expired GPG key for TeX Live 2020
Norbert Preining
norbert at preining.info
Thu May 7 02:39:23 CEST 2020
Hi Nelson,
On Wed, 06 May 2020, Nelson H. F. Beebe wrote:
> Also, can we get the creator(s) of the *.iso images to sign them as well?
Why would we?
> So far, we have only *.md5 and *.sha256 checksum files for validating
> correct downloads, but not for validating original contents.
And you have the detached signatures for the sha512 files.
That means you can:
- check that the sha512 is correctly signed with our key
- then check that the iso image has the correct sha512
This is the correct way to do verification, directly signing the .iso is
rather cumbersome and doesn't make sense.
Best
Norbert
--
PREINING Norbert https://www.preining.info
Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
More information about the tex-live
mailing list.