Hello!

On Wed, Apr 19, 2017 at 12:18:07PM -0400, Kumudini Ponnuthurai wrote:

> Not able to verify the latest source of mainline and stable versions of
> NGINX with gpg key ( http://nginx.org/keys/nginx_signing.key ). I am using
> Gpg4win Kleopatra. I uploaded this nginx_signing.key file, then changed the
> owner trust under certificates. Then verified the source (tar file and the
> .asc file) by file -> decrypt/verify. The message was, the key used to sign
> the source is not found in the nginx_signing.key file.
>
> Please let me know, how to I verify nginx source with GPG in windows.
> Thanks.
>
> I also tried to do this by checking for the key in key servers. Not able to
> find the key that is used to sign the source tar file.

There is more than one PGP key used. Full list of keys is here:

http://nginx.org/en/pgp_keys.html

Most of the recent releases are signed by me, key is at
http://nginx.org/keys/mdounin.key. Key fingerprint is:
B0F4 2533 73F8 F6F5 10D4 2178 520A 9993 A1C0 52F8.

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx