On Fri, 2012-08-24 at 23:39 -0700, Konstantin Ryabitsev wrote: > Hello, all: > > I collected 46 keys from 40 people interested in keysigning at the > Kernel Summit. I have uploaded the fingerprints and the pubring to the > following locations: > > https://www.kernel.org/ks2012-fingerprints.txt > https://www.kernel.org/ks2012-pubring.gpg > > This is the sha256sum of the pubring: > bbb816d955c3939c72985175b0ea4f8781662f70d8a0fa9b0985391403a0fe79 > > You can import the pubring using "gpg --import" command. > > WARNING: just in case someone jumps the gun -- these fingerprints were > taken at "face value". I DID NO VERIFICATION WHATSOEVER whether these > keys belong to the actual people. DO NOT sign any of these keys > without the verification procedure at the Kernel Summit. My GPG > signature on this email is in no way an endorsement of these keys. > > Here's how the procedure will play out: [...]
You seem to have missed step 0: Verify your own key fingerprint in ks2012-pubring.gpg by comparing: gpg --fingerprint $KEY_ID gpg --no-default-keyring --keyring ./ks2012-pubring.gpg --fingerprint $REAL_NAME (Normally, people would verify their key fingerprints in ks2012-fingerprints.txt, but unless we also agree the sha256sum of that then no-one can rely on the contents of that file as more than a checklist.) Ben. -- Ben Hutchings Experience is what causes a person to make new mistakes instead of old ones.
signature.asc
Description: This is a digitally signed message part
