[Nut-upsuser] Checking NUT signature (was: NUT public key?)

Arnaud Quette aquette.dev at gmail.com
Fri Jan 27 22:19:35 UTC 2006

2006/1/27, Matthew.van.Eerde at hbinc.com <Matthew.van.Eerde at hbinc.com>:
> I've successfully installed and configured NUT on my test machine and am
> moving it into production.
> http://www.networkupstools.org/source.html offers some good advice... "You
> should always use PGP/GPG to verify the signatures before using any source
> code"
> But where can I find the public key that was used to sign the source?

  It's not on any key servers I've been able to query.
I have the complete website rewrite underway [1], which will add a link on
the ref you cited, stating:


To verify the source signature of the source code:

1) Download the nut-X.Y.Z.tar.gz and nut-X.Y.Z.tar.gz.sig
2) Import the NUT maintainer GPG key:
$> gpg --keyserver keyring.debian.org --recv-key 204DDF1B
3) call GPG to verify the key:
$> gpg --verify nut-X.Y.Z.tar.gz.sig nut-X.Y.Z.tar.gz

You should see some information, and most of all a "Good signature from ..."
Otherwise, something went wrong. So you should retry to download NUT, and
apply this procedure again!


thanks for the feedback,
Linux / Unix Expert - MGE UPS SYSTEMS - R&D Dpt
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/
Debian Developer - http://people.debian.org/~aquette/
OpenSource Developer - http://arnaud.quette.free.fr/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/nut-upsuser/attachments/20060127/c798958b/attachment.html

More information about the Nut-upsuser mailing list