osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Totally Legit Signing Key?


For once I tried to verify a download from python.org, following the steps outlined at

https://www.python.org/downloads/#pubkeys

"""
You can import the release manager public keys by either downloading the public key file from here and then running

gpg --import pubkeys.txt
"""

When I ran the command above I saw

$ gpg --import pubkeys.txt 
gpg: Schl?ssel 6F5E1540: "Ned Deily <nad at acm.org>" 2 neue Signaturen
gpg: Schl?ssel 6A45C816: "Anthony Baxter <anthony at interlink.com.au>" nicht ge?ndert
gpg: Schl?ssel 36580288: "Georg Brandl (Python release signing key) <georg at python.org>" 2 neue Signaturen
gpg: Schl?ssel 7D9DC8D2: "Martin v. L?wis <martin at v.loewis.de>" nicht ge?ndert
gpg: Schl?ssel 18ADD4FF: "Benjamin Peterson <bp at benjamin.pe>" 3 neue Signaturen
gpg: Schl?ssel A4135B38: "Benjamin Peterson <benjamin at python.org>" 1 neue Signatur
gpg: Schl?ssel A74B06BF: "Barry Warsaw <barry at warsaw.us>" 138 neue Signaturen
gpg: Schl?ssel EA5BBD71: "Barry A. Warsaw <barry at warsaw.us>" 6 neue Signaturen
gpg: Schl?ssel E6DF025C: "Ronald Oussoren <ronaldoussoren at mac.com>" nicht ge?ndert
gpg: Schl?ssel F73C700D: "Larry Hastings <larry at hastings.org>" 2 neue Signaturen
gpg: Schl?ssel AA65421D: "Ned Deily (Python release signing key) <nad at python.org>" 1 neue User-ID
gpg: Schl?ssel AA65421D: "Ned Deily (Python release signing key) <nad at python.org>" 20 neue Signaturen
gpg: Schl?ssel 487034E5: "Steve Dower (Python Release Signing) <steve.dower at microsoft.com>" 8 neue Signaturen
gpg: Schl?ssel 10250568: ?ffentlicher Schl?ssel "?ukasz Langa (GPG langa.pl) <lukasz at langa.pl>" importiert
gpg: Schl?ssel 487034E5: ?ffentlicher Schl?ssel "Totally Legit Signing Key <mallory at example.org>" importiert
gpg: Schl?ssel F73C700D: ?ffentlicher Schl?ssel "Totally Legit Signing Key <mallory at example.org>" importiert
gpg: Schl?ssel 6F5E1540: ?ffentlicher Schl?ssel "Totally Legit Signing Key <mallory at example.org>" importiert
gpg: Schl?ssel AA65421D: ?ffentlicher Schl?ssel "Totally Legit Signing Key <mallory at example.org>" importiert
gpg: Schl?ssel E6DF025C: ?ffentlicher Schl?ssel "Totally Legit Signing Key <mallory at example.org>" importiert
gpg: Schl?ssel EA5BBD71: ?ffentlicher Schl?ssel "Totally Legit Signing Key <mallory at example.org>" importiert
[...]

Now "totally legit" does sound like anything but "totally legit". Is there a 
problem with my machine, or python.org, or is this all "totally legit"?

Advice or pointers welcome.