[OpenWrt-Devel] Missing GPG signatures
autosend at riseup.net
autosend at riseup.net
Mon Dec 17 08:47:21 EST 2018
Hello
I couldn't find a way to cross verify the 18.06 key using the 17.01 key.
So it seems anyone with the 17.01 key is not at any advantage over a totally new
user, when upgrading to 18.06.
This is a very unusual situation compared to what all major Linux distributions
are doing nowadays.
I then imported all GPG keys associated with OpenWRT and was confused to find
that there seems to be no cross-signing of keys anywhere?
It seems only Robert Call of the LibreCMC fork is consistently signing releases
with the same key. But how is he verifying upstream...?
Below is a full output of the situation.
gpg --fingerprint --list-sigs
pub rsa4096 2017-01-16 [SC] [expires: 2019-01-16]
B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B
uid [ unknown] LEDE Release Builder (17.01 "Reboot" Signing Key) <lede-dev at lists.lede-project.org>
sig 3 833C6010D52BBB6B 2017-01-16 LEDE Release Builder (17.01 "Reboot" Signing Key) <lede-dev at lists.lede-project.org>
pub rsa4096 2018-05-16 [SC] [expires: 2020-05-15]
6768C55E79B032D77A28DA5F0F20257417E1CE16
uid [ unknown] OpenWrt Release Builder (18.06 Signing Key) <openwrt-devel at lists.openwrt.org>
sig 3 0F20257417E1CE16 2018-05-18 OpenWrt Release Builder (18.06 Signing Key) <openwrt-devel at lists.openwrt.org>
pub rsa4096 2016-07-26 [SC]
54CC74307A2C6DC9CE618269CD84BCED626471F1
uid [ unknown] LEDE Build System (LEDE GnuPG key for unattended build jobs) <lede-adm at lists.infradead.org>
sig 3 CD84BCED626471F1 2016-07-26 LEDE Build System (LEDE GnuPG key for unattended build jobs) <lede-adm at lists.infradead.org>
sub rsa4096 2016-07-26 [S]
sig CD84BCED626471F1 2016-07-26 LEDE Build System (LEDE GnuPG key for unattended build jobs) <lede-adm at lists.infradead.org>
pub rsa4096 2016-08-26 [SC]
10BDEE38E7DFDFC7D5D3CC09ED7282E208DAF586
uid [ unknown] Florian Fainelli (LEDE Signing Key) <f.fainelli at gmail.com>
sig 3 ED7282E208DAF586 2016-08-26 Florian Fainelli (LEDE Signing Key) <f.fainelli at gmail.com>
pub rsa4096 2016-12-06 [SC]
569E3F24712DEF28C2448C12AAD7E1690C74E7B8
uid [ unknown] Hans Dedecker (LEDE Signing Key) <dedeckeh at gmail.com>
sig 3 AAD7E1690C74E7B8 2016-12-06 Hans Dedecker (LEDE Signing Key) <dedeckeh at gmail.com>
sub rsa4096 2016-12-06 [S] [expires: 2018-12-06]
sig AAD7E1690C74E7B8 2016-12-06 Hans Dedecker (LEDE Signing Key) <dedeckeh at gmail.com>
pub rsa4096 2016-12-11 [SC]
3176362F0318F3C17DBF89DE818021EBB6C9ECDA
uid [ unknown] Stijn Tintel (LEDE Signing Key) <stijn at linux-ipv6.be>
sig 3 818021EBB6C9ECDA 2016-12-11 Stijn Tintel (LEDE Signing Key) <stijn at linux-ipv6.be>
sub rsa4096 2016-12-11 [S] [expires: 2018-12-11]
sig 818021EBB6C9ECDA 2016-12-11 Stijn Tintel (LEDE Signing Key) <stijn at linux-ipv6.be>
pub rsa4096 2016-04-26 [SC]
C2C9C93BF4775C11D4F6617C9C46FAFC12D89000
uid [ unknown] Ted Hess (LEDE Signing Key) <thess at kitschensync.net>
sig 3 9C46FAFC12D89000 2016-04-26 Ted Hess (LEDE Signing Key) <thess at kitschensync.net>
pub rsa4096 2016-04-14 [SC]
B4DE4970B205473D26CD818F9E8F1F2934E5BBCC
uid [ unknown] John Crispin (LEDE Signing Key) <john at phrozen.org>
sig 3 9E8F1F2934E5BBCC 2016-04-14 John Crispin (LEDE Signing Key) <john at phrozen.org>
pub rsa4096 2016-04-05 [SC]
69B26A2762D065E66F596755C76FDE50612A0E98
uid [ unknown] Jo-Philipp Wich (LEDE Signing Key) <jo at mein.io>
sig 3 C76FDE50612A0E98 2016-04-05 Jo-Philipp Wich (LEDE Signing Key) <jo at mein.io>
pub rsa4096 2012-12-18 [SC] [expires: 2019-06-08]
390DCF788BF9AA504F8FF1E2C29E9DA6A0DF8604
uid [ unknown] Alexander Couzens <lynxis at fe80.eu>
sig 3 C29E9DA6A0DF8604 2016-08-20 Alexander Couzens <lynxis at fe80.eu>
sig 61D851D9A6822153 2015-12-06 [User ID not found]
sig 01E670EFB6ED1A3A 2016-04-04 [User ID not found]
sig EA71ABC5AB83B1C3 2014-06-28 [User ID not found]
sig 091AB856069AAA1C 2016-04-20 [User ID not found]
sig EBF67A846AABE354 2016-10-03 [User ID not found]
sig 6C6580E77BD756C4 2016-05-22 [User ID not found]
sig 3 78D4EEEF482CB982 2015-08-30 [User ID not found]
sig 4B043FCDB9444540 2016-12-29 [User ID not found]
sig 153FE398821C8394 2018-08-22 [User ID not found]
sig 3 C29E9DA6A0DF8604 2013-08-19 Alexander Couzens <lynxis at fe80.eu>
sig 3 C29E9DA6A0DF8604 2014-10-27 Alexander Couzens <lynxis at fe80.eu>
sig 2 P 1318EFAC5FBBDBCE 2015-12-06 [User ID not found]
sig 3 C29E9DA6A0DF8604 2017-09-12 Alexander Couzens <lynxis at fe80.eu>
sig 3 C29E9DA6A0DF8604 2018-06-08 Alexander Couzens <lynxis at fe80.eu>
uid [ unknown] Alexander Couzens <lynxis at base45.de>
sig 3 C29E9DA6A0DF8604 2016-08-20 Alexander Couzens <lynxis at fe80.eu>
sig 61D851D9A6822153 2015-12-06 [User ID not found]
sig 01E670EFB6ED1A3A 2016-04-04 [User ID not found]
sig EA71ABC5AB83B1C3 2014-06-28 [User ID not found]
sig 091AB856069AAA1C 2016-04-20 [User ID not found]
sig EBF67A846AABE354 2016-10-03 [User ID not found]
sig 6C6580E77BD756C4 2016-05-22 [User ID not found]
sig 3 78D4EEEF482CB982 2015-08-30 [User ID not found]
sig 4B043FCDB9444540 2016-12-29 [User ID not found]
sig 153FE398821C8394 2018-08-22 [User ID not found]
sig 3 C29E9DA6A0DF8604 2014-10-27 Alexander Couzens <lynxis at fe80.eu>
sig 3 C29E9DA6A0DF8604 2013-01-01 Alexander Couzens <lynxis at fe80.eu>
sig 2 P 1318EFAC5FBBDBCE 2015-12-06 [User ID not found]
sig 3 C29E9DA6A0DF8604 2017-09-12 Alexander Couzens <lynxis at fe80.eu>
sig 3 C29E9DA6A0DF8604 2018-06-08 Alexander Couzens <lynxis at fe80.eu>
uid [ unknown] Alexander Couzens <couzens at fe80.eu>
sig 3 C29E9DA6A0DF8604 2016-08-20 Alexander Couzens <lynxis at fe80.eu>
sig 01E670EFB6ED1A3A 2016-04-04 [User ID not found]
sig EA71ABC5AB83B1C3 2014-06-28 [User ID not found]
sig 2067001B1B678A63 2015-12-10 [User ID not found]
sig 091AB856069AAA1C 2016-04-20 [User ID not found]
sig EBF67A846AABE354 2016-10-03 [User ID not found]
sig 6C6580E77BD756C4 2016-05-22 [User ID not found]
sig 2 1E953E27D4311E58 2015-12-10 [User ID not found]
sig 4B043FCDB9444540 2016-12-29 [User ID not found]
sig 153FE398821C8394 2018-08-22 [User ID not found]
sig 3 C29E9DA6A0DF8604 2014-10-27 Alexander Couzens <lynxis at fe80.eu>
sig 3 C29E9DA6A0DF8604 2014-05-26 Alexander Couzens <lynxis at fe80.eu>
sig 3 C29E9DA6A0DF8604 2017-09-12 Alexander Couzens <lynxis at fe80.eu>
sig 3 C29E9DA6A0DF8604 2018-06-08 Alexander Couzens <lynxis at fe80.eu>
uid [ unknown] Alexander Couzens <couzens at datanauten.de>
sig 3 C29E9DA6A0DF8604 2016-08-20 Alexander Couzens <lynxis at fe80.eu>
sig 01E670EFB6ED1A3A 2016-04-04 [User ID not found]
sig 2067001B1B678A63 2015-12-10 [User ID not found]
sig 091AB856069AAA1C 2016-04-20 [User ID not found]
sig EBF67A846AABE354 2016-10-03 [User ID not found]
sig 6C6580E77BD756C4 2016-05-22 [User ID not found]
sig 4B043FCDB9444540 2016-12-29 [User ID not found]
sig 153FE398821C8394 2018-08-22 [User ID not found]
sig 3 C29E9DA6A0DF8604 2015-01-28 Alexander Couzens <lynxis at fe80.eu>
sig 3 C29E9DA6A0DF8604 2017-09-12 Alexander Couzens <lynxis at fe80.eu>
sig 3 C29E9DA6A0DF8604 2018-06-08 Alexander Couzens <lynxis at fe80.eu>
sub rsa4096 2012-12-18 [E] [expires: 2019-06-08]
sig C29E9DA6A0DF8604 2016-08-20 Alexander Couzens <lynxis at fe80.eu>
sig C29E9DA6A0DF8604 2018-06-08 Alexander Couzens <lynxis at fe80.eu>
pub rsa4096 2016-04-16 [SC]
5155F5AEEACC0C33E8A36F2A9E2ADB5CAA382EC1
uid [ unknown] Álvaro Fernández Rojas (LEDE Signing Key) <noltari at gmail.com>
sig 3 9E2ADB5CAA382EC1 2016-04-16 Álvaro Fernández Rojas (LEDE Signing Key) <noltari at gmail.com>
pub rsa4096 2015-09-16 [SC]
DE0A8D015F03409CF11DAE55979B9775C7D8655C
uid [ unknown] Robert Call (RISCi_ATOM) <bob at thinkpenguin.com>
sig 3 9D0DB31B545A3198 2018-08-02 [User ID not found]
sig 23069B8361B05B34 2018-08-06 [User ID not found]
sig 3 979B9775C7D8655C 2015-09-20 Robert Call (RISCi_ATOM) <bob at thinkpenguin.com>
uid [ unknown] Robert Call (RISCi_ATOM) <bob at librecmc.org>
sig 3 DC53C17DAFBE6895 2015-09-16 [User ID not found]
sig 3 9D0DB31B545A3198 2018-08-02 [User ID not found]
sig 23069B8361B05B34 2018-08-06 [User ID not found]
sig 3 979B9775C7D8655C 2015-09-16 Robert Call (RISCi_ATOM) <bob at thinkpenguin.com>
sig 3 979B9775C7D8655C 2015-09-16 Robert Call (RISCi_ATOM) <bob at thinkpenguin.com>
uid [ unknown] Robert Call (RISCi_ATOM) <info at librecmc.org>
sig 3 9D0DB31B545A3198 2018-08-02 [User ID not found]
sig 23069B8361B05B34 2018-08-06 [User ID not found]
sig 3 979B9775C7D8655C 2015-09-20 Robert Call (RISCi_ATOM) <bob at thinkpenguin.com>
uid [ unknown] [jpeg image of size 9038]
sig 3 DC53C17DAFBE6895 2015-09-16 [User ID not found]
sig 3 9D0DB31B545A3198 2018-08-02 [User ID not found]
sig 23069B8361B05B34 2018-08-06 [User ID not found]
sig 3 979B9775C7D8655C 2015-09-16 Robert Call (RISCi_ATOM) <bob at thinkpenguin.com>
sig 3 979B9775C7D8655C 2015-09-16 Robert Call (RISCi_ATOM) <bob at thinkpenguin.com>
sub rsa4096 2015-09-16 [E]
sig 979B9775C7D8655C 2015-09-16 Robert Call (RISCi_ATOM) <bob at thinkpenguin.com>
sub rsa4096 2015-09-16 [S]
sig 979B9775C7D8655C 2015-09-16 Robert Call (RISCi_ATOM) <bob at thinkpenguin.com>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list