GPG keys
Re: GPG keys
Do you mean other than the link on the download page, marked "Files integrity may be checked using hash file"?
(that link is for 1.17.6, by the way)
			
									
									(that link is for 1.17.6, by the way)
MakeMKV Frequently Asked Questions
FAQ about BETA and PERMANENT keys.
How to aid in finding the answer to your problem: Activating Debug Logging
						FAQ about BETA and PERMANENT keys.
How to aid in finding the answer to your problem: Activating Debug Logging
Re: GPG keys
It’s e.g. here https://keyserver.ubuntu.com/pks/lookup ... 3a18042697 (though this of course means not that it has any trust).
Cheers,
jemima
			
									
									
						Cheers,
jemima
Re: GPG keys
That hash file is *signed* with a gpg key, but I can't find the public key anywhere(on makemkv's website) that was used to sign that file. I did find the public key on Ubuntu's keyserver, but I need to find a key somewhere here on makemkv's website Mike's account or something so I can verify it's authenticity.
Re: GPG keys
I did actually find this a while ago, but I was hoping to find the key somewhere on makemkv's website or Mike's profile in order to verify its authenticity before I add it to my keyring(for packaging as an RPM). Just trying to be thorough and do as much due diligence as I can.jemima wrote: ↑Mon Jan 22, 2024 11:52 pmIt’s e.g. here https://keyserver.ubuntu.com/pks/lookup ... 3a18042697 (though this of course means not that it has any trust).
Cheers,
jemima
Re: GPG keys
Yeah, clear, though I haven't found it there either.
Anyway, even then then it's trust would completely depend on TLS, which - given the broken CA system[0] - isn't really that much.
Regards,
Jemima
[0] Roughly some 150 root CAs in the typical browser bundles, many of them controlled by countries of questionable reputation, not to talk about an unknown (many thousands of?) number of intermediate CAs, which all can forge more or less anything (and did so in the past).
			
									
									
						Anyway, even then then it's trust would completely depend on TLS, which - given the broken CA system[0] - isn't really that much.
Regards,
Jemima
[0] Roughly some 150 root CAs in the typical browser bundles, many of them controlled by countries of questionable reputation, not to talk about an unknown (many thousands of?) number of intermediate CAs, which all can forge more or less anything (and did so in the past).
Re: GPG keys
I suppose, but the more I can cross-reference the more I can be confident in.