Question in the title.
Don’t know. Was it a good signature? You’re going to have to provide more information.
- What command(s) did you run?
- complete output of those command(s).
1 Like
Yes, it was a good signature.
I ran the command gpg --import patrick.asc and got the next output:
gpg: key 8D66066A2EEACCDA: public key "Patrick Schleizer <adrelanos@riseup.net>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
Then I ran the command gpg --verify-options show-notations --verify Whonix-Gateway-*.libvirt.xz.asc Whonix-Gateway-*.libvirt.xz and got this output:
gpg: Signature made Sat 12 May 2018 05:39:57 PM UTC
gpg: using RSA key 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@riseup.net>" [unknown]
gpg: Signature notation: issuer-fpr@notations.openpgp.fifthhorseman.net=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: Signature notation: file@name=Whonix-Gateway-14.0.0.7.4.libvirt.xz
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48
And similar outputs for the Whonix-Workstation-*.libvirt.xz.asc, Whonix-Gateway-*.sha*.asc and Whonix-Workstation-*.sha*.asc.
Hi fwazwf4f8u
Everything looks good! Its a good signature and the fingerprint matches up.The Whonix images where created earlier than the release date. Nothing to worry about.
1 Like
These were released earlier as testers-only version. After long enough testing and after finishing up Qubes-Whonix, these Whonix VirtualBox / KVM 14.0.0.7.4 was blessed stable without new build and without new signature.