HPLIP

How can the PGP key A59047B9 of <email address hidden> be verified

Asked by David Ayers

I've downloaded the hplip-3.14.4.run and hplip-3.14.4.run.asc files from sourceforge via an unencrypted connection.
The downloaded key is:
pub 1024D/A59047B9 2009-12-15
uid HPLIP (HP Linux Imaging and Printing) <email address hidden>
sig!3 A59047B9 2009-12-15 HPLIP (HP Linux Imaging and Printing) <email address hidden>
sub 2048g/26153BA0 2009-12-15
sig! A59047B9 2009-12-15 HPLIP (HP Linux Imaging and Printing) <email address hidden>

but the key servers also have other keys which anyone could have uploaded:

pub 1024D/D93CFEBF 2009-12-15
uid HPLIP (HP Linux Imaging and Printing) <email address hidden>
sig!3 D93CFEBF 2009-12-15 HPLIP (HP Linux Imaging and Printing) <email address hidden>
sub 2048g/B999B25F 2009-12-15
sig! D93CFEBF 2009-12-15 HPLIP (HP Linux Imaging and Printing) <email address hidden>

pub 1024D/9013C005 2009-03-02
uid HPLIP (HP Linux Imaging and Printing) <email address hidden>
sig!3 9013C005 2009-03-02 HPLIP (HP Linux Imaging and Printing) <email address hidden>
sub 2048g/85421A01 2009-03-02
sig! 9013C005 2009-03-02 HPLIP (HP Linux Imaging and Printing) <email address hidden>

The key A59047B9 is not in the strong set so one cannot find a trust path via of http://pgp.cs.uu.nl/

It would suffice if the key and it's fingerprint were publicized either
- under an official HP website via SSL and the standard HP certificate
- or uploaded to launchpad by one of the hplip maintainers for the user
https://launchpad.net/~hplip

Thank you!

Question information

Language:
English Edit question
Status:
Answered
For:
HPLIP Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Launchpad Janitor (janitor) said : 		#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Revision history for this message
David Ayers (ayers) said : 		#2

Can a HPLIP Maintainer comment on this?

Or better yet, have one of the administrators:
https://launchpad.net/~hplip/+members#active

either:
https://launchpad.net/~suma-byrappa
or/and
https://launchpad.net/~raghavendra-chitpadi

upload a GPG key to launchpad, which they used to sign A59047B9 and upload these keys to the key servers including their signature of A59047B9?

These needn't be the same keys they generally use for OpenPGP communication, but at least we'd know that whoever had the administrative credentials for Launchpad has signed the key.

Revision history for this message
Suma Byrappa (suma-byrappa) said : 		#3

Hi David,

I'm very sorry for the delay in response. Somehow this question slipped off our attention.

The key A59047B9 belongs to HPLIP project. The other two keys which you mentioned above were also used by HPLIP, but discontinued now due to certain problems. We could not delete the keys as there was no such support on PGP site.

We will address the problem raised by you shortly.

Thanks for the support!
Suma

Can you help with this problem?

Provide an answer of your own, or ask David Ayers for more information if necessary.

To post a message you must log in.