I can't verify downloaded files using Phillip Lord's new certificate, 3FB1EAD2. The files appear to have been signed on 2019-08-30 using Mr. Lord's previous certificate, D1D046BD, which has since been revoked.
1) Suggestions please for verifying the downloaded files?
2) Also, a gentle request to update the verification instructions on the download page.
Thanks,
Hans
hanshenningsen@yahoo.com
--------
START: BACKGROUND
--------
I downloaded the following files from:
https://ftp.gnu.org/gnu/emacs/windows/emacs-26/
- emacs-26.3-x86_64.zip
- emacs-26.3-x86_64.zip.sig
I then tried to verify the files using Phillip Lord's certificate
8E64 B119 FE4B AC58 C767 D5EC E095 C1A6 3FB1 EAD2
as specified on:
https://www.gnu.org/software/emacs/download.html
and got the following error:
The data could not be verified.
Signature created on Friday, August 30, 2019 08:04:16
With unavailable certificate:
ID: 0x84930FFB79B645F7DEA29AD0AC6DD3FFD1D046BD
You can search the certificate on a keyserver or import it from a file.
gpg: Signature made 08/30/19 08:04:16 Eastern Standard Time (Mexico)
gpg: using RSA key 84930FFB79B645F7DEA29AD0AC6DD3FFD1D046BD
gpg: Can't check signature: No public key
I downloaded the older certificate, 0x84930FFB79B645F7DEA29AD0AC6DD3FFD1D046BD, and observed that it had since been revoked.
--------
END: BACKGROUND
--------