... | ... | @@ -35,8 +35,7 @@ Validating the source code signature |
|
|
|
|
|
The release tarballs for iucode-tool, as well as all git tags, and git commits in the repository are signed by subkeys of the maintainer's [GNUpg](https://gnupg.org) main key (RSA, 4096 bits):
|
|
|
|
|
|
Key ID = 0x0BD9E81139CB4807,
|
|
|
Key fingerprint = C467 A717 507B BAFE D3C1 6092 0BD9 E811 39CB 4807
|
|
|
Key ID (full fingerprint) = 0xC467A717507BBAFED3C160920BD9E81139CB4807
|
|
|
|
|
|
General instructions about how to use gnupg to validate signatures can be found in the gnupg pages.
|
|
|
|
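Review bot: The replacement line "Key ID (full fingerprint) = 0xC467A717507BBAFED3C160920BD9E81139CB4807" gives the fingerprint only as one unbroken 40-digit string. Going by the hunk header (8 lines down to 7), the short "Key ID = 0x0BD9E81139CB4807," line and the grouped "Key fingerprint = C467 A717 507B ..." line are the two being dropped. Dropping the 64-bit key ID is reasonable, since the full fingerprint is the stronger identifier. The grouped form is worth keeping next to the 0x form, though: `gpg --fingerprint` prints the fingerprint in four-digit groups, so a reader comparing by eye can check the grouped form much more reliably. Two smaller points in the context lines, if they are being touched anyway: "GNUpg" should be spelled "GnuPG", and "can be found in the gnupg pages" would be more useful with a link or a named document.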
... | ... | @@ -48,7 +47,7 @@ External contributions as code change requests ("pull requests"), bug reports an |
|
|
|
|
|
iucode_tool is not particularly security-sensitive, but if you need to contact me about a security issue that should not be made public before a fix is deployed, you have two options:
|
|
|
|
|
|
1. Direct encrypted email (gnupg key id 0x0BD9E81139CB4807, you *must* ensure that the key fingerprint is: C467 A717 507B BAFE D3C1 6092 0BD9 E811 39CB 4807);
|
|
|
1. Direct encrypted email (gnupg key id/fingerprint 0xC467A717507BBAFED3C160920BD9E81139CB4807);
|
|
|
2. Alternatively, please contact the [Debian security team](https://www.debian.org/security/faq#contact) They will forward the issue to me, and they can independently coordinate with vendor-sec and the other Linux distros as required.
|
|
|
|
|
|
|
... | ... | |
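Review bot: The new item 1, "Direct encrypted email (gnupg key id/fingerprint 0xC467A717507BBAFED3C160920BD9E81139CB4807);", loses the instruction that the reporter *must* ensure the key fingerprint matches. The full fingerprint is still present, but nothing now tells the reader to check the key they fetched against it before encrypting. For a channel meant to carry undisclosed security issues, that check is the important part. Suggest keeping the wording, for example "(you *must* ensure that the key fingerprint is 0xC467A717507BBAFED3C160920BD9E81139CB4807)". In the unchanged item 2, a period is missing between the Debian security team link and "They will forward the issue to me". The project name is also written "iucode_tool" here and "iucode-tool" in the signature section, and it would be good to settle on one.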