[cups] CUPS 2.2.8 Now Available

Michael Sweet msweet at apple.com
Wed Jun 6 05:17:24 PDT 2018 

This is now done...

> On Jun 6, 2018, at 7:24 AM, Michael Sweet <msweet at apple.com> wrote:
> 
> Johannes,
> 
> It looks like the release was signed by my personal PGP key and not the Apple one. Will fix and re-post...
> 
> Sent from my iPad
> 
>> On Jun. 6, 2018, at 3:52 a.m., Johannes Meixner <jsmeix at suse.de> wrote:
>> 
>> 
>> Hello Michael
>> 
>> On Jun 5 12:29 Michael Sweet wrote (excerpt):
>>> CUPS 2.2.8 ...
>>> https://github.com/apple/cups/releases/tag/v2.2.8
>> 
>> There is an issue with the signature.
>> 
>> When I download cups-2.2.8-source.tar.gz plus cups-2.2.8-source.tar.gz.sig
>> from the above URL I get
>> -----------------------------------------------------------------------------
>> gpg --verify cups-2.2.8-source.tar.gz.sig cups-2.2.8-source.tar.gz
>> gpg: Signature made Tue Jun  5 18:07:23 2018 CEST using RSA key ID 27815955
>> gpg: Can't check signature: No public key
>> -----------------------------------------------------------------------------
>> 
>> In contrast that works with cups-2.2.7-source.tar.gz
>> plus cups-2.2.7-source.tar.gz.sig from
>> https://github.com/apple/cups/releases/tag/v2.2.7
>> -----------------------------------------------------------------------------
>> gpg --verify cups-2.2.7-source.tar.gz.sig cups-2.2.7-source.tar.gz
>> gpg: Signature made Tue Mar 27 18:02:16 2018 CEST using RSA key ID 35DA97EB
>> gpg: Good signature from "CUPS.org <security at cups.org>" [unknown]
>> gpg: WARNING: This key is not certified with a trusted signature!
>> gpg:          There is no indication that the signature belongs to the owner.
>> Primary key fingerprint: 45D0 8394 6E30 3528 2B3C  CA9A F434 1042 35DA 97EB
>> -----------------------------------------------------------------------------
>> 
>> I have the "Current CUPS.org PGP Key" from https://www.cups.org/pgp.html
>> -----------------------------------------------------------------------------
>> gpg --list-keys
>> ...
>> pub   4096R/35DA97EB 2017-12-19 [expires: 2021-12-19]
>> uid       [ unknown] CUPS.org <security at cups.org>
>> sub   4096R/4FBD127B 2017-12-19 [expires: 2021-12-19]
>> -----------------------------------------------------------------------------
>> 
>> It seems the signature made for cups-2.2.8-source.tar.gz
>> with key ID 27815955 was the wrong key because it should
>> have been made with key ID 35DA97EB.
>> 
>> 
>> Kind Regards
>> Johannes Meixner
>> -- 
>> SUSE LINUX GmbH - GF: Felix Imendoerffer, Jane Smithard,
>> Graham Norton - HRB 21284 (AG Nuernberg)
>> 
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://lists.cups.org/mailman/listinfo/cups

_________________________________________________________
Michael Sweet, Senior Printing System Engineer

More information about the cups mailing list