[Python-Dev] FWD: gpg keys have problems

Barry Warsaw barry at python.org
Mon Jun 6 21:23:14 CEST 2011

On Jun 05, 2011, at 08:20 AM, Aahz wrote:

>> >From your python download page you need to update the public keys to not
>> use the faulty MD5 digest algorithm.  (see the link listed below)
>> $ gpg --import pubkeys.txt
>> gpg: key 6A45C816: public key "Anthony Baxter <anthony at interlink.com.au>" imported
>> gpg: WARNING: digest algorithm MD5 is deprecated
>> gpg: please see http://www.gnupg.org/faq/weak-digest-algos.html for more information
>> gpg: key ED9D77D5: public key "Barry A. Warsaw <barry at warsaw.us>" imported
>> gpg: Total number processed: 2
>> gpg:               imported: 2  (RSA: 1)
>> gpg: no ultimately trusted keys found

This only looks like a problem with Anthony's key.  He could update his key,
but OTOH probably has little incentive to just for Python release management.
Anthony was release manager for 2.5, but Martin took that over, and also,
Python 2.5 is very near EOL even for security releases.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20110606/b9e5178e/attachment.pgp>

More information about the Python-Dev mailing list