Question in the title.
Don’t know. Was it a good signature? You’re going to have to provide more information.
- What command(s) did you run?
- complete output of those command(s).
Yes, it was a good signature.
I ran the command
gpg --import patrick.asc and got the next output:
gpg: key 8D66066A2EEACCDA: public key "Patrick Schleizer <email@example.com>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys found
Then I ran the command
gpg --verify-options show-notations --verify Whonix-Gateway-*.libvirt.xz.asc Whonix-Gateway-*.libvirt.xz and got this output:
gpg: Signature made Sat 12 May 2018 05:39:57 PM UTC gpg: using RSA key 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48 gpg: Good signature from "Patrick Schleizer <firstname.lastname@example.org>" [unknown] gpg: Signature notation: email@example.com=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48 gpg: Signature notation: file@name=Whonix-Gateway-184.108.40.206.4.libvirt.xz gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48
And similar outputs for the
Everything looks good! Its a good signature and the fingerprint matches up.The Whonix images where created earlier than the release date. Nothing to worry about.
These were released earlier as testers-only version. After long enough testing and after finishing up Qubes-Whonix, these Whonix VirtualBox / KVM 220.127.116.11.4 was blessed stable without new build and without new signature.