python-tuf/debian/upstream
Philippe Coval 8d47f64e43 debian: Update debian/upstream/signing-key.asc
This change is needed for debian packaging effort of latest release 0.17.0

https://github.com/theupdateframework/tuf/issues/263

Because this key update is critical in the trust's chain,
may I request upstream to double check and acknowledge this change.

This key was obtained from WoT using:

    wget d1cadc8c68/tuf-0.17.0.tar.gz
    wget d1cadc8c68/tuf-0.17.0.tar.gz.asc

    gpg --verify  tuf-0.17.0.tar.gz.asc
    gpg: assuming signed data in 'tuf-0.17.0.tar.gz'
    gpg: Signature made Thu 25 Feb 2021 12:42:50 PM CET
    gpg:                using RSA key 08F3409FCF71D87E30FBD3C21671F65CB74832A4
    gpg: Can't check signature: No public key

    gpg --recv-key 08F3409FCF71D87E30FBD3C21671F65CB74832A4 \
      --keyserver hkp://keys.gnupg.net
    gpg --verify ../tuf-0.17.0.tar.gz.asc
    gpg --fingerprint 08F3409FCF71D87E30FBD3C21671F65CB74832A4
    # pub   rsa3072 2020-03-17 [SC] [expires: 2030-03-15]
    #      08F3 409F CF71 D87E 30FB  D3C2 1671 F65C B748 32A4
    # uid           [ unknown] Joshua Lock (GPG on YubiKey) <jlock@vmware.com>
    # sub   rsa3072 2020-03-17 [E] [expires: 2030-03-15]
    # sub   rsa3072 2020-03-17 [A] [expires: 2030-03-15]

    gpg --armor --export 08F3409FCF71D87E30FBD3C21671F65CB74832A4 \
      > debian/upstream/signing-key.asc

Cc:  Sebastien Awwad <sebastien.awwad@gmail.com @awwad>
Cc:  Lukas Puehringer <lukas.puehringer@nyu.edu @lukpueh>
Cc:  Joshua Lock <jlock@vmware.com @joshuagl>
Relate-to: https://www.debian.org/doc/manuals/debmake-doc/ch05.en.html#signing-key
Origin: https://github.com/CrossStream/tuf/tree/debian/master
Forwarded: https://github.com/theupdateframework/tuf/pull/1299
Signed-off-by: Philippe Coval <rzr@users.sf.net>
2021-03-09 09:30:00 +01:00
..
signing-key.asc debian: Update debian/upstream/signing-key.asc 2021-03-09 09:30:00 +01:00