Re: [Boost-users] Boost public key

16 Dec 2019


      On 12/16/19 3:55 PM, Rene Rivera via Boost-users wrote:
...
On Mon, Dec 16, 2019 at 12:39 PM David P. Riedel via Boost-users 
mailto:boost-users@lists.boost.org> wrote:
On 12/16/19 1:08 PM, Good Guy via Boost-users wrote:
     > On 16/12/2019 17:15, David P. Riedel via Boost-users wrote:
     >> Hi
     >>
     >> I'm trying to find the boost public pgp key so I can validate the
     >> release archive against its signature file.
     >>
     >> But I can't find where to import the public key from or what it is
     >> called.
     >>
     >> Thanks for any help.
     > Where are you downloading from?  I have seen asc files at this link:
     >
     > https://dl.bintray.com/boostorg/release/1.72.0/source/
     >
     >
     >
    Yes, I've downloaded the .7z archive and the .7z.asc signature file
But when I do:  gpg --verify using the signature and archive file
    names,
    gpg says it can't because I don't have the public key, hence my
    question.
The archives are signed against the Bintray general key. I don't have a 
link handy to it ATM though.
-- 
-- Rene Rivera
-- Grafik - Don't Assume Anything
-- Robot Dreams - http://robot-dreams.net http://robot-dreams.net/
_______________________________________________
Boost-users mailing list
Boost-users@lists.boost.org
https://lists.boost.org/mailman/listinfo.cgi/boost-users
Thanks!  the gpg --verify command which failed said the archive was 
signed using RSA key 379CE192D401AB61.  I tried a gpg --search-keys with 
that ID and found  the Bintray entry which I could then import. gpg 
--verify then did complain that the imported key was untrusted so there 
must be some additional step needed for this to be useful.