[OTR-users] PGP signatures non-existent + no public key/fingerprint posted on the main webpage
Ian Goldberg
ian at cypherpunks.ca
Sat Apr 2 12:19:33 EST 2005
On Sat, Apr 02, 2005 at 02:07:46AM -0500, Jason Cohen wrote:
> The PGP signatures for libotr source and gaim-otr source do not exist.
> Clicking the link brings up a blank page.
Thanks. Apache was for some reason claiming the tar.gz.asc file was
itself gzip'd. [wget didn't complain about this.] Fixed.
> PGP signatures do exist for
> the Win32 binaries (gaim-otr & otrproxy). However, the main web page
> does not post the fingerprint used or give a download link for the
> public key. Without a fingerprint to verify, having a signature is useless.
Paul's public key is on the keyservers; you can get it from there. For
example:
http://pgp.mit.edu:11371/pks/lookup?search=paul+wouters&op=vindex&fingerprint=on
Posting a PGP fingerprint on the OTR page isn't so useful, since that
fingerprint would be no more trusted than the software itself. Use the
PGP WoT to trust Paul's key.
- Ian
More information about the OTR-users
mailing list