[SOLVED] Please post the full GPG key at the download page

Like Gentoo has: https://www.gentoo.org/downloads/signatures/

This is how I verify an ISO in a text editor. I format the keys so they line up, which isn’t possible here.

Full gpg key CB23 504F
Fingerprint 497A F50C 92AD 2384 C56E 1ACA 003D B8B0 CB23 504F
Primary key fingerprint: 497A F50C 92AD 2384 C56E 1ACA 003D B8B0 CB23 504F

gpg: assuming signed data in ‘endeavouros-2019.07.15-x86_64.iso’
gpg: Signature made Mon 15 Jul 2019 18:41:07 CEST
gpg: using RSA key 497AF50C92AD2384C56E1ACA003DB8B0CB23504F
gpg: Good signature from “EndeavourOS” [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 497A F50C 92AD 2384 C56E 1ACA 003D B8B0 CB23 504F

pub rsa2048 2019-06-06 [SC]
497A F50C 92AD 2384 C56E 1ACA 003D B8B0 CB23 504F
uid [ unknown] EndeavourOS
sub rsa2048 2019-06-06 [E]

gpg: key 003DB8B0CB23504F: 1 signature not checked due to a missing key
gpg: key 003DB8B0CB23504F: public key “EndeavourOS imported”
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

Had to remove the emails as as a new user I can only post two links at a time in a post.

1 Like

satisfied?

1 Like

Thank you! That’s splendid. :smiley: