Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

... #7965

Closed
dzyphr opened this issue Sep 2, 2022 · 4 comments
Closed

... #7965

dzyphr opened this issue Sep 2, 2022 · 4 comments

Comments

@dzyphr
Copy link

dzyphr commented Sep 2, 2022
edited
Loading

...
@dzyphr dzyphr changed the title REOPENED DUE TO FORCEFUL CLOSING OF POTENTIALLY MALICIOUS ACTOR - GPG Verification presents error, I want to verify that the download source is not compromised before usage. REOPENED DUE TO FORCEFUL CLOSING BY POTENTIALLY MALICIOUS ACTOR - GPG Verification presents error, I want to verify that the download source is not compromised before usage. Sep 2, 2022
@dzyphr
Copy link
Author

dzyphr commented Sep 2, 2022
edited
Loading

...

1 similar comment
@dzyphr
Copy link
Author

dzyphr commented Sep 2, 2022
edited
Loading

...

@accumulator
Copy link
Member

Nobody is telling you you should use the code without verification. As explained in #7964 (comment) you need to properly use gpg. That means importing the three public keys and signing them with your own key (after verifying you have the correct ones) to mark them as trusted. This is a process you need to follow to be able to properly verify the integrity of the artifact you want to use.

@dzyphr
Copy link
Author

dzyphr commented Sep 2, 2022
edited
Loading

...

@dzyphr dzyphr changed the title REOPENED DUE TO FORCEFUL CLOSING BY POTENTIALLY MALICIOUS ACTOR - GPG Verification presents error, I want to verify that the download source is not compromised before usage. ... Sep 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@accumulator @dzyphr