[cups] CUPS 2.2.8 Now Available
Michael Sweet
msweet at apple.com
Wed Jun 6 04:24:40 PDT 2018
Johannes,
It looks like the release was signed by my personal PGP key and not the Apple one. Will fix and re-post...
Sent from my iPad
> On Jun. 6, 2018, at 3:52 a.m., Johannes Meixner <jsmeix at suse.de> wrote:
>
>
> Hello Michael
>
> On Jun 5 12:29 Michael Sweet wrote (excerpt):
>> CUPS 2.2.8 ...
>> https://github.com/apple/cups/releases/tag/v2.2.8
>
> There is an issue with the signature.
>
> When I download cups-2.2.8-source.tar.gz plus cups-2.2.8-source.tar.gz.sig
> from the above URL I get
> -----------------------------------------------------------------------------
> gpg --verify cups-2.2.8-source.tar.gz.sig cups-2.2.8-source.tar.gz
> gpg: Signature made Tue Jun 5 18:07:23 2018 CEST using RSA key ID 27815955
> gpg: Can't check signature: No public key
> -----------------------------------------------------------------------------
>
> In contrast that works with cups-2.2.7-source.tar.gz
> plus cups-2.2.7-source.tar.gz.sig from
> https://github.com/apple/cups/releases/tag/v2.2.7
> -----------------------------------------------------------------------------
> gpg --verify cups-2.2.7-source.tar.gz.sig cups-2.2.7-source.tar.gz
> gpg: Signature made Tue Mar 27 18:02:16 2018 CEST using RSA key ID 35DA97EB
> gpg: Good signature from "CUPS.org <security at cups.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 45D0 8394 6E30 3528 2B3C CA9A F434 1042 35DA 97EB
> -----------------------------------------------------------------------------
>
> I have the "Current CUPS.org PGP Key" from https://www.cups.org/pgp.html
> -----------------------------------------------------------------------------
> gpg --list-keys
> ...
> pub 4096R/35DA97EB 2017-12-19 [expires: 2021-12-19]
> uid [ unknown] CUPS.org <security at cups.org>
> sub 4096R/4FBD127B 2017-12-19 [expires: 2021-12-19]
> -----------------------------------------------------------------------------
>
> It seems the signature made for cups-2.2.8-source.tar.gz
> with key ID 27815955 was the wrong key because it should
> have been made with key ID 35DA97EB.
>
>
> Kind Regards
> Johannes Meixner
> --
> SUSE LINUX GmbH - GF: Felix Imendoerffer, Jane Smithard,
> Graham Norton - HRB 21284 (AG Nuernberg)
>
More information about the cups
mailing list