publish OpenPGP / gpg fingerprint of APT signing key #2309 - NOT ACTUALLY COMPLETED AS YOU DIDN'T "PUBLISH A FINGERPRINT"

[fabutastic]

Code of conduct

• I have read and agree to adhere to the Code of Conduct

Self-training on how to write a bug report

• I have learned how to write a bug report

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Issue #2309 was not actually completed. The issue is that the fingerprint was never published so that we can verify that the signing key is legitimate by matching the downloaded keys fingerprints with the fingerprint published by the developer. In issue #2309 you only provide a link to download the key, but you still don't publish a fingerprint for the key that was downloaded. Please reopen issue #2309 or publish (or verify) the fingerprint here.

The fingerprint I have for this key is
6636 1D8E 3C96 E41C 6DCB 7051 C499 2CE7 A88D 4262

Full output

gpg: keybox '/home/fabutastic/.gnupg/pubring.kbx' created
pub   rsa4096/C4992CE7A88D4262 2015-10-28 [SC]
      Key fingerprint = 6636 1D8E 3C96 E41C 6DCB  7051 C499 2CE7 A88D 4262
uid                            Jason Rhinelander <[email protected]>
sub   rsa4096/D3778FABF1D6D4A6 2015-10-28 [E]

We know where the signing key is, we need the fingerprint published.

Expected Behavior

This fingerprint
6636 1D8E 3C96 E41C 6DCB 7051 C499 2CE7 A88D 4262
for this key needs to be PUBLISHED (on many different sites if possible) by the developer.

Steps To Reproduce

None, just publish the fingerprint so we can verify our download's fingerprint to the developers published fingerprint.

Desktop Version

1.14.2

Anything else?

Just publish the key (preferably on multiple websites loki.net & getsession.org & github.com) so we can crosscheck the fingerprint with the fingerprint of our downloaded file.

[KeeJef]

Replied on linked issue