How can I validate Firefox authentication
I have not been able to successfully authenticate the validity of Firefox 39 on a Mac. Using GPG tools service to validate it gives an error Failed:153. If I perform a command line "gpg --verify SHA512SUMS.asc":

gpg: assuming signed data in 'SHA512SUMS'
gpg: Signature made Wed 1 Jul 03:23:48 2015 EDT using RSA key ID 15A0A4BC
gpg: Good signature from "Mozilla Software Releases <[email protected]>" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: 2B90 598A 745E 992F 315E 22C5 8AB1 3296 3A06 537A
     Subkey fingerprint: 5445 390E F5D0 C2EC FB8A 6201 057C C3EB 15A0 A4BC
Which is not valid since the public key has expired. Where can I get a valid public key? Has anyone performed the validation of Firefox successfully? If so, how?
Good point. I do get the same result. The subkey used to sign the *SUMS file expired on 07/16/15, and I guess nobody at Mozilla has noticed that (yet). The best would probably be to raise a new bug for this in Bugzilla. https://bugzilla.mozilla.org
By christ1
Oh they know.
For reading, as the general issue tracker Bugzilla is not a discussion forum like here.
Bug 1139929 - renew gpg signing key
Is the new public key available? Where can I get it?
The current public key listed from the download Firefox versions "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/39.0/" as well as the others is still incorrect. You don't expect people to download a public key from a blog?
Chosen solution
Ben Hearsum is a Mozilla employee and the blog link posted by cor-el was in the bug report I linked.
All previous versions of Firefox 39 will not be able to authenticate until the key is updated.
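
Added example, not part of the thread and not Mozilla's tooling: a shell function that reads the machine-readable output of `gpg --status-fd 1 --verify SHA512SUMS.asc SHA512SUMS` and separates the result shown in the question (a good signature made by a key that has since expired, reported as EXPKEYSIG) from a bad signature or a signature by some other key. The function names, verdict strings and sample status lines are constructed for illustration; the fingerprints are the ones quoted in the question.

```sh
#!/bin/sh
# Added example. Classifies status lines produced by:
#   gpg --status-fd 1 --verify SHA512SUMS.asc SHA512SUMS 2>/dev/null
# Assumes one signature. $1 = pinned primary key fingerprint, no spaces.
classify_gpg_status() {
    expected_fpr=$1
    verdict=nosig
    fpr=
    while read -r tag keyword rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $keyword in
            GOODSIG)   verdict=good ;;
            EXPKEYSIG) verdict=good-but-key-expired ;;
            EXPSIG)    verdict=good-but-sig-expired ;;
            REVKEYSIG) verdict=good-but-key-revoked ;;
            BADSIG)    verdict=bad ;;
            ERRSIG)    verdict=unverifiable ;;
            VALIDSIG)  fpr=${rest##* } ;;  # last field: primary key fingerprint
        esac
    done
    # A good signature only counts if it was made under the pinned key.
    case $verdict in
        good|good-but-key-expired)
            [ "$fpr" = "$expected_fpr" ] || verdict=wrong-key ;;
    esac
    printf '%s\n' "$verdict"
}

# Primary key fingerprint quoted in the question, spaces removed.
MOZILLA_PRIMARY_FPR=2B90598A745E992F315E22C58AB132963A06537A

# Constructed status lines modelling the question's result; the timestamp
# and algorithm fields are illustrative, not captured from a real run.
sample_expired_status() {
    cat <<'EOF'
[GNUPG:] EXPKEYSIG 057CC3EB15A0A4BC Mozilla Software Releases
[GNUPG:] VALIDSIG 5445390EF5D0C2ECFB8A6201057CC3EB15A0A4BC 2015-07-01 1435735428 0 4 0 1 10 00 2B90598A745E992F315E22C58AB132963A06537A
EOF
}

sample_expired_status | classify_gpg_status "$MOZILLA_PRIMARY_FPR"
```

Whether to accept `good-but-key-expired` is a policy choice left to the caller. Any accepted verdict covers only SHA512SUMS itself, so the downloaded file's SHA-512 still has to match its entry in that file.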