blug-canary-2
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
blug-canary-2 [2022/08/19 05:23] persmule |
blug-canary-2 [2024/04/29 15:13] (current) persmule |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| ==================================== | ==================================== | ||
| - | Issued for August 2022. | + | Issued for April 2024. |
| Don't just trust the contents of this file blindly! Verify the | Don't just trust the contents of this file blindly! Verify the | ||
| Line 61: | Line 61: | ||
| 10. We plan to publish the next of these canary statements in the first three | 10. We plan to publish the next of these canary statements in the first three | ||
| - | weeks of September 2022. Special note should be taken if no new canary is published | + | weeks of May 2024. Special note should be taken if no new canary is published |
| by that time or if the list of statements changes without plausible explanation. | by that time or if the list of statements changes without plausible explanation. | ||
| Line 71: | Line 71: | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| - | None. | + | 1. We've found a workaround for importing keys on https:// |
| + | without User-ID. The instructions for verifying persmule' | ||
| + | been added. | ||
| Canary Verification Procedures | Canary Verification Procedures | ||
| Line 86: | Line 88: | ||
| 2. To verify persmule' | 2. To verify persmule' | ||
| - | a. Unfortunately, | + | a. Due to the previous |
| - | | + | the OpenPGP |
| - | countermeasure, | + | |
| - | | + | |
| - | it's impossible to import a OpenPGP public key without User-ID | + | |
| - | | + | |
| - | b. We are looking for a solution. But for now, you should check the | + | b. Obtain the dummy public key from any traditional OpenPGP Keyserver, |
| - | | + | such as https:// |
| - | | + | |
| - | to two people. It reduces | + | |
| - | | + | |
| + | technical problem, Using "gpg --recv-key" | ||
| + | | ||
| - | c. Once the technical problem of using a public key without | + | c. This is a special dummy public key with its User-IDs and subkeys stripped |
| - | | + | that we specifically created, leaving only a " |
| - | | + | E-mail address, " |
| - | | + | |
| - | | + | |
| + | d. Next, with the stub key already imported, obtain the public key from | ||
| + | https:// | ||
| + | | ||
| + | now possible to import the https:// | ||
| + | |||
| + | e. Use the latest GnuPG in most operating system, the signatures made by | ||
| + | | ||
| + | other systems should work just fine, but not Fedora. The subkeys contains | ||
| + | signatures made with Brainpool curves, which are disabled on Fedora due to | ||
| + | potential patent-licensing problems, causing a " | ||
| + | | ||
| 3. To verify vimacs' | 3. To verify vimacs' | ||
| Line 117: | Line 131: | ||
| $ rsstail -1 -n5 -N -u https:// | $ rsstail -1 -n5 -N -u https:// | ||
| - | | + | |
| - | | + | Thursday evening news briefing: Yousafs political future could lie in Alex Salmonds hands |
| - | Greenford stabbing: Residents ask where police have gone after killing of 87-year-old | + | Wednesday evening news briefing: Teenage girl arrested after two teachers and pupil stabbed |
| - | Ryan Giggs trial: Ex-footballer penned poem to Kate Greville that read ' | + | Tuesday |
| - | Thursday | + | When is the US election? Everything you need to know about the 2024 race |
| $ rsstail -1 -n5 -N -u https:// | $ rsstail -1 -n5 -N -u https:// | ||
| - | Heat and Drought | + | Middle East Crisis: Israel Appears to Soften Stance |
| - | Russia and Ukraine Accuse Each Other of Preparing Attacks | + | As Anger Grows Over Gaza, Arab Leaders Crack Down on Protests |
| - | The Bloody Uprising Against the Taliban Led by One of Their Own | + | Spains Leader, Pedro Snchez, Says He Wont Quit Over Wifes Corruption Case |
| - | I Have Nothing Left: Flooding Adds to Afghanistans Crises | + | What to Know: First Trial in Alleged Coup Plot in Germany Begins |
| - | Mexico Says 43 Students Disappearance Was a State Crime | + | How Capitalists in Communist Cuba Are an Economic Lifeline |
| $ date -R -u | $ date -R -u | ||
| - | Fri, 19 Aug 2022 05:19:09 +0000 | + | Mon, 29 Apr 2024 12:39:48 +0000 |
| -----BEGIN PGP SIGNATURE----- | -----BEGIN PGP SIGNATURE----- | ||
| - | iQEzBAEBCgAdFiEE+SOCpROWPk6Sp6Iw8P4UaDjldeAFAmL/HV8ACgkQ8P4UaDjl | + | iQIzBAEBCgAdFiEEDfvrUpjKhXrxhHZrG+3+G67tLh4FAmYvlRsACgkQG+3+G67t |
| - | deC1IAgAhF4j3/lwnoOc8tud/ | + | Lh7D5BAAnpSxR8sRz+XTccX6alNRQsBkDrXctZad/JDOauIp5mJyVIMvJjGVoXtO |
| - | Ap6oSPYW0bkknGQKRddDE49xoQvexeUHPGJhl7i2kWXZ7B8AF+8XljHZeSuM9kb/ | + | 1vElKoqvvG/X7xSBMasjuYI3LQek3NLi++OG0EF/74HQgKxNKJt39oBy6GYFHXnq |
| - | PGLpiREkVprlXEEqNHlyp0o/ | + | pYaUNcHGxMs3/ |
| - | ScaEyniarmcz6gPaON3UN/ay7wOI+Iwqp51oKhAfc/brUCLT7tKDjEmxPcN2rVsn | + | WajtZYiV8xClf9NNw9mzx9tSMDyYFLLO3LWnQyzgHizStMSQ6hcAUYigpo4RhqkY |
| - | /93H0lpWNCVVGuWnnfDzNYp+4MleRA3L6g2fwGmfH2e4e9RJDq6evwb27LdpBxd0 | + | 93KyvkfdV+GUXt1zQvrMgUc7PSF6UGMc5eEpRMB+iaBX68qql85dH7DfpiwTQwCJ |
| - | ValS12ilVDJaj4BTRhcMvWmoBgXtxw== | + | DYqwTJ0amrpyX+lbw5Dpaz2C/dP3NcOIDtLJa/ |
| - | =ELVi | + | PBlm+OgOlX8ZmfW+YUQUI1ehwNMyEg6chjKS04GMV+Bb5T6U9e4KPADagcCc40cY |
| + | JXQoRfxxGlmL5tm9rzXDW9JKBGugPhOwU3QYdkk0CrLfPeWXvxgY3ABu0zQPezmI | ||
| + | CjIT+5adixqInzIsiWacoFEKBodXxnHl7fI9V+W6rQOTmmKps9tWkxTXl+pJaGeu | ||
| + | aecYOjYuX+DFzrNyBxI2GoYSCxijbkKExzjU70CG5AAdefedTlcRFgqsWd0JVZx/ | ||
| + | tkZqot5diwM9PNS2+GY2N837a6WQ+aXf/kp8GCKDfdd+J32CsTo= | ||
| + | =vX0j | ||
| -----END PGP SIGNATURE----- | -----END PGP SIGNATURE----- | ||
| </ | </ | ||
blug-canary-2.1660886582.txt.gz · Last modified: 2022/08/19 05:23 by persmule
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
