|
| 1 | +This is the public PGP/GPG key used to sign roundup distributions. It |
| 2 | +is used for at least the 1.6.0 release. (Note in this file the @ sign |
| 3 | +in emails have been replaced with the word "at".) |
| 4 | + |
| 5 | +Key info: Roundup Team (signing key for roundup releases) |
| 6 | + <roundup-devel at lists.sourceforge.net> |
| 7 | +RSA key ID: 756A76D8 |
| 8 | +Expires: 2023-07-10 |
| 9 | +Key fingerprint = 411E 354B 5D1A F261 25D6 2122 1F2D D0CB 756A 76D8 |
| 10 | + |
| 11 | +Import the key in this file using: |
| 12 | + |
| 13 | + gpg --import roundup.public.pgp.key |
| 14 | + |
| 15 | +Then you can use it to verify a downloaded roundup release from pypi. |
| 16 | +Get the url of the release from: |
| 17 | + |
| 18 | + https://pypi.org/project/roundup |
| 19 | + |
| 20 | +Example (note there is no 1.5.7 release): |
| 21 | + |
| 22 | + https://files.pythonhosted.org/packages/bf/14/d61fac5ed2aaca8c720ac4d4077428b8fdafa356089516ba9ee630975d2a/roundup-1.5.7.tar.gz |
| 23 | + |
| 24 | +download the file then download: |
| 25 | + |
| 26 | + https://files.pythonhosted.org/packages/bf/14/d61fac5ed2aaca8c720ac4d4077428b8fdafa356089516ba9ee630975d2a/roundup-1.5.7.tar.gz.asc |
| 27 | + |
| 28 | +(same url as the file with .asc added at the end). |
| 29 | + |
| 30 | +To verify the tar file run: |
| 31 | + |
| 32 | + gpg --verify roundup-1.5.7.tar.gz.asc roundup-1.5.7.tar.gz |
| 33 | + |
| 34 | +and you should see: |
| 35 | + |
| 36 | + gpg: Signature made Wed 11 Jul 2018 08:40:06 PM EDT using RSA key ID 756A76D8 |
| 37 | + gpg: checking the trustdb |
| 38 | + [...] |
| 39 | + gpg: Good signature from "Roundup Team (signing key for roundup releases) <roundup-devel at lists.sourceforge.net>" |
| 40 | + [...] |
| 41 | + |
| 42 | +which verifies the tarball integrity. If something is wrong you will see: |
| 43 | + |
| 44 | + gpg: Signature made Wed 11 Jul 2018 08:40:06 PM EDT using RSA key ID 756A76D8 |
| 45 | + gpg: BAD signature from "Roundup Team (signing key for roundup releases) <roundup-devel at lists.sourceforge.net>" |
| 46 | + |
| 47 | +*do not use* the tarball if the signature is BAD. Email the |
| 48 | +roundup-devel mailing list if there is a problem. |
| 49 | + |
| 50 | +-----BEGIN PGP PUBLIC KEY BLOCK----- |
| 51 | +Version: GnuPG v1 |
| 52 | + |
| 53 | +mQINBFtGmH4BEADSLfyuTuAMhaTpNkndkkaQTa5CYIS3QMTO5fsk1+EiRe8BlIZO |
| 54 | +GbBYjs9eLn48SLHl+TyM2pNo/9Yr5Jh3/frbARAOg4wwZLagG5w4KKVY2oxxbJla |
| 55 | +dkhnjaf5u6S+ufTnCXmj4ANcntmOXQTEL9tI9mlKc8yB1ZeBrP9mdrELz/Kasxfx |
| 56 | +MMsQqtuHc4xazNN8xI5St+MAP9B1Hos6QRjMiT5CiyAob2UvSoPoG5FkypoNWioF |
| 57 | +E1ZyHSHVgahSyo2y3w8hqmQoHxWV/VWlU+P5sRdqK0wEucB5B7JbKX+kGLkNoSPS |
| 58 | +TgsgOnS59FhGTXB0ZORZUiAP0eaCka/LMGqZYYZW8ILPSb4sZUJONS8147fsxA1p |
| 59 | +uHAOp4TEaGucVX+YUMBrKm33M8tzpSQ4ljKmywuohiK2a/p3aoGq792QoSFCEwTn |
| 60 | +DvZBJwBXxS5sNWYz4nYXtm8H9thqh+0KvsNl/ai8FcQwiEY07Xi0PB3IU0iWCMul |
| 61 | +TXvBR4u0LZ7pg0D5qwQuj52EJCecPp2S1hynbprA6Nql+0PLkE082p+gvk+7bH0O |
| 62 | +x8fERUNuio7TAzvWbs5c41Hf9b4raSeI8vlQc62xfWRkVC6FeNB0qYgTHWEn9gZR |
| 63 | +PYChgwDWlLqIoxrAgTK2XcxptzzZZ0Gmfbw3hjjrO9rq0/7VYDSu00woAQARAQAB |
| 64 | +tFVSb3VuZHVwIFRlYW0gKHNpZ25pbmcga2V5IGZvciByb3VuZHVwIHJlbGVhc2Vz |
| 65 | +KSA8cm91bmR1cC1kZXZlbEBsaXN0cy5zb3VyY2Vmb3JnZS5uZXQ+iQI+BBMBAgAo |
| 66 | +BQJbRph+AhsDBQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAfLdDL |
| 67 | +dWp22Bc3EAC5+cripScyjxKfgqyvGDM1u/eoOql/FGYljXJDfaoOWNVmBB17Lu+U |
| 68 | +aDsNIvAznYkvIyKTR+PWGZHmzqE5yAzIwxPTA+GC1TfaccKJeSiBanW1n9aJkbLU |
| 69 | +yu+D15Hw9JhltjcjsbGD2Y34KQgMbosAPok9u8UZMPbben5q/KGD9nwfiGPpYSPN |
| 70 | +3FTjzJbRjD6z0ZCvuqUweXehT6n82JjPal2GEfz2GPgbTyR0WVhDiYwPjYRiMnpf |
| 71 | +DAXh9iQLc+tJ8pyW1HMTaHY2OjGjJSX+tqyJVmcBz7MYGquz+FFP/xXsiwwgt/JL |
| 72 | +BOQDz9VzvrLXQTqmuNtfVvj1haxBSfkEYlp0TsghDuEH5V8U9PILkhDS7L3e18DW |
| 73 | +nQSQiWguVgS3iNSs3BRgJb3N7jQQTqE5L3YPYBLG+PPcj0znj36cCWjOACJhfMse |
| 74 | +B7T08acKn02WWfeN5iSCCFf3LbivTB//dqbat/+r5LgNv0JkfWvXRdoajGbvOEA4 |
| 75 | +TrOOMQqYUb6G3sRwqfgVmFaWgE8ner1Oe0rm4J0ZHFG6NCmYOz0q+WCzD6K+KHkx |
| 76 | +JrbklE8EH6zQltUHViUGiqsedfy3TM8rdsrcCAo//RNVgXshee3lrDDalJ53cXk6 |
| 77 | +eJgU+4coK19nMAAmC5lCe07zvXLFqLVE/Tq9SRZX7WvvAIYCYm7Qw7kCDQRbRph+ |
| 78 | +ARAArN5258ibvf81t96P2Z7BrOkYKv8I1DlznwNRdqCeM68kccu2NzlIIi2pGiyf |
| 79 | +Voz8Qe68ggVnVCkAGcdUH2ovppEFSTY7oiJaO0GLmNtKT0P70uOaAjSj2IYDxLmJ |
| 80 | +qOYEZsV+b/oQWKN8y5df6beLfHThVDbkIwirlR93v0LfnnKu+A5lZlUDhXX7RR73 |
| 81 | +tKkwbyD+2HO++ZR/acLHpBNlFSbZ1UUsyCip8Q+MWMQRaKBOAbC9sC6dctscIe2h |
| 82 | +ffa5SmGLVB77SQHzJ5OD2z51MOOQHVCGX0u4d0bdwruiBrqvKmWS2udxDdp5USYd |
| 83 | +X3XjB+6DdwSeafx2FnfpyfT7U6YCdVdqN32gUhnZo0Vg32qVbsZUX9yd//SX/ZXu |
| 84 | +3Utg+pQneIoVcwSj5EHpphHJNR8Fat6xhb3sahLvAhBzlDqvVhDtKsLaCasidLla |
| 85 | +GBqglzmJI6U7NkiOu7GJ1IvQSQr3ZpTlto/ZcWygVOgDoamCgi0NCjvWI8MIqChR |
| 86 | +dSRo5SbTZzaevZd91datrv+SE2QGqYv/4a6DQDDqOVvR1Dw5nMNloXkRnOK2JTj0 |
| 87 | ++Sk3VCMiMYXGr93+Jo3yXOLGD02JO7nLwcqUgnLb1RQKPvF48sOc8TuwJTwp6DCX |
| 88 | +cDIfLWdkzpy97xGlcF9oEhFldZ1tuJHImpExwimyeyzkyrcAEQEAAYkCJQQYAQIA |
| 89 | +DwUCW0aYfgIbDAUJCWYBgAAKCRAfLdDLdWp22L+wEACbGt9ZYM1PizUaqEAGtwal |
| 90 | +wP7h54/Zc8RcofuJbv4zn5roJdRHlPBGtLrfZazmA+OMND+4B3j0ioBuTEMJ7fSV |
| 91 | +LBe0OirM+YLvRE1Nm6INS9fhy9M7mXbj4z1AT2nG4RJd/XlAkcP/MQevVkBhC/cc |
| 92 | +B+dgoEb8o/pwCBlEBeYEeCe64X9DPGfxXtZft6/0PZNBmWD+9Lg5kala382ZmH8j |
| 93 | +vac25JV/pdrZgLNSq73xdLCI1wyxheP1tpIe4sa3mDfD3zMEeXhe5Slb35z8KXYy |
| 94 | +WEApjTNJWsBDmT2EzdJ3O51Zq1mt//yvsXu8ze2WtIGaIwm+AmkV6uVXDLCqRq9N |
| 95 | +JMmF6n8gXIdjV4S0Von53ah+cbxx1U26kYaDAwyossJTaZnvNxZRRmRj31429zZK |
| 96 | +b1qtvzdtfXbg6d04cnPXV1K02R+/GGmUvM8Akg9KgliFsM/YFC8qdHNztTkgpMuv |
| 97 | +RRHdnecHsGv8u7om4HM7MigcKja9Aan09tm3xEIziPCKJQSM/fZ08f94Yvh4/I4O |
| 98 | +D7LEwlvKnh+6erHlCY0qpeqR6926O1fxGrnHnxSUMjq9RtX88626460BPgfGAWt+ |
| 99 | +qZgOiVpkz6b+o9iffNmM+InsHYNKUHb0BJtNgQYwBPUSDU7AVg1d0uLvCqxrE3Di |
| 100 | +CPmI3olFQ8jLtLShWbAOCA== |
| 101 | +=rt/1 |
| 102 | +-----END PGP PUBLIC KEY BLOCK----- |
0 commit comments