[squid-users] Squid distribution keyring

Amos Jeffries squid3 at treenet.co.nz
Tue Aug 9 15:12:24 UTC 2016


On 9/08/2016 8:54 p.m., Adam Majer wrote:
> Hello,
> 
> Squid-cache.org download page has all the tarballs and detached
> signatures. Thank you!
> 
> But is there an official keyring for validating these signatures?

The .asc files containing detatched signature should also be referencing
several ways to find the keyring data:

      keyring = http://www.squid-cache.org/pgp.asc
      keyserver = subkeys.pgp.net

The keyserver report the key is outdated and I've not been able to
change that. Probably because they no longer accept short bit-lengths on
keys.

> Is it
> only Amos Jeffries (Primary key fingerprint: EA31 CC5E 9488 E516 8D2D
> CC5E B268 E706 FF5C F463) that is doing releases?

For now yes. I'm planning to do a key rollover soon-ish for Squid-4
stable releases. The new key will be signed by that previous one.

Amos



More information about the squid-users mailing list