expired GPG key for TeX Live 2020

Norbert Preining norbert at preining.info
Thu May 7 02:39:23 CEST 2020

Hi Nelson,

On Wed, 06 May 2020, Nelson H. F. Beebe wrote:
> Also, can we get the creator(s) of the *.iso images to sign them as well?

Why would we? 

> So far, we have only *.md5 and *.sha256 checksum files for validating
> correct downloads, but not for validating original contents.

And you have the detached signatures for the sha512 files.

That means you can:
- check that the sha512 is correctly signed with our key
- then check that the iso image has the correct sha512

This is the correct way to do verification, directly signing the .iso is
rather cumbersome and doesn't make sense.



PREINING Norbert                              https://www.preining.info
Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

More information about the tex-live mailing list.