Re: Keys for the DC18 Key Signing Party - Ready for printing!

[Kurt Roeckx <kurt@roeckx.be>]

On Sat, Jul 21, 2018 at 03:49:14PM -0500, Gunnar Wolf wrote:
> As we all finish packing our bags for Taiwan, several people have
> asked me what about the KSP list we are supposed to
> _print_at_home_. So, I took some time out of packing, and decided to
> finalize the needed bits to have this in working order!
> 
> So, we have the final v1.0 list for the DebConf18 Continuous Key
> Signing Party! Please find it here:
> 
>      https://people.debian.org/~gwolf/ksp-dc18/ksp-dc18.txt
> 
> If you want to ensure the file came from me, you can check the
> clear-signed version:
> 
>      https://people.debian.org/~gwolf/ksp-dc18/ksp-dc18.txt.asc

This file really isn't usable, it's not a detached signature. It
can not be used to verify ksp-dc18.txt. 

When verifying it, you get:
$ gpg --verify ksp-dc18.txt.asc 
gpg: Signature made Tue 24 Jul 2018 02:08:48 AM CEST
gpg:                using RSA key AB41C1C68AFD668CA045EBF8673A03E4C1DB921F
gpg: Good signature from "Gunnar Eyal Wolf Iszaevich <gwolf@debian.org>" [full]
gpg:                 aka "Gunnar Eyal Wolf Iszaevich <gwolf@gwolf.org>" [full]
gpg:                 aka "Gunnar Eyal Wolf Iszaevich (Instituto de Investigaciones Económicas UNAM) <gwolf@iiec.unam.mx>" [full]
gpg: WARNING: not a detached signature; file 'ksp-dc18.txt' was NOT verified!

$ gpg --verify ksp-dc18.txt.asc ksp-dc18.txt
gpg: not a detached signature

We need to verify the ksp-dc18.txt file, that's the file we'll all
compute the SHA256 for.


Kurt