user42_kevin.gpg
-- GnuPG public key, binary
user42_kevin.gpg.asc
-- same, ASCII armoured
Previous 1024D key 2C530221 5F6ADD3A
was
key.gpg
(binary), key.gpg.asc
(ASCII), and the
same at GNU
savannah or keyserver like
at pgp.mit.edu.
The new is signed by the old so trust should go transitively.
All .asc
signatures are from the new key (its subkey). The Perl
dists containing SIGNATURE
files are either old or new according
to when released (but gradually having re-releases to the new).
cpansign
post defaults to
SHA256 so can benefit from bigger key.
Of course there's limited point giving key finding instructions here. Unless you get it or verify by an independent channel then it's not much better than a checksum.
All of tuxfamily can be reached by either http
or
https
. Links here to the download area are mostly
https
in the interests of maintaining privacy and security for
getting software or software instructions. The HTTPS SSL certificate is
from tuxfamily.
Checking signatures or certificates and their origins is a good idea. Bait sites or scammers make block copies of all sorts of stuff. Presumably real content even when copied rates in the search engines.
This page Copyright 2014, 2015, 2016, 2017, 2018, 2019 Kevin Ryde.