user42_kevin.gpg— GnuPG public key, binary
user42_kevin.gpg.asc— same, ASCII armoured
Previous 1024D key
2C530221 5F6ADD3A was
key.gpg.asc (ASCII), and the
same at GNU
savannah or keyserver like
The new is signed by the old, so trust should go transitively.
.asc are from the new key (its subkey). The Perl
SIGNATURE files are either old or new, according
to when released. Is it worth new dist releases for new key?
cpansign defaults to SHA-1 so maybe bigger key doesn't gain much
unless directed to SHA256 and in which case users verifying would need
Of course there's limited point giving key finding instructions here. Unless you get it or verify by an independent channel then it's no better than a checksum.
All of tuxfamily can be reached by either
https. Links here to the download area are mostly
https in the interests of maintaining privacy and security,
especially when getting software. The SSL certificate is from tuxfamily.
This page Copyright 2014, 2015, 2016 Kevin Ryde.