[squid-users] Squid distribution keyring
Amos Jeffries
squid3 at treenet.co.nz
Tue Aug 9 15:12:24 UTC 2016
On 9/08/2016 8:54 p.m., Adam Majer wrote:
> Hello,
>
> Squid-cache.org download page has all the tarballs and detached
> signatures. Thank you!
>
> But is there an official keyring for validating these signatures?
The .asc files containing detatched signature should also be referencing
several ways to find the keyring data:
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
The keyserver report the key is outdated and I've not been able to
change that. Probably because they no longer accept short bit-lengths on
keys.
> Is it
> only Amos Jeffries (Primary key fingerprint: EA31 CC5E 9488 E516 8D2D
> CC5E B268 E706 FF5C F463) that is doing releases?
For now yes. I'm planning to do a key rollover soon-ish for Squid-4
stable releases. The new key will be signed by that previous one.
Amos
More information about the squid-users
mailing list