How to verify the signature of mantis packages

Get help from other users here.

Moderators: Developer, Contributor

Post Reply
cm_bt
Posts: 4
Joined: 27 Jan 2017, 14:52

How to verify the signature of mantis packages

Post by cm_bt »

Hi!

After downloading the software package for Mantis, I would like to verify the signature. The signature can be downloaded too (for example mantisbt-1.3.5.tar.gz.asc). But to verify it, I need to know the public key. GPG tells me the key's ID is 0A45E2D6. I cannot find it on any key server and it is also not on mantisbt.org. In the documentation it is not even mentioned that it might be a good idea to verify the downloaded package. Google also does not know anything about that key.

I guess the official public key should be available on the website and also linked in the documentation (together with the fingerprint). There should at least be one sentence in the documentation on how to verify the signature and why this is usually a good idea.

Does anybody know where to find the public key?

Best regards,
Christian
atrol
Site Admin
Posts: 8366
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: How to verify the signature of mantis packages

Post by atrol »

Please create a report for it at https://www.mantisbt.org/bugs
Please use Search before posting and read the Manual
pmantis
Posts: 1
Joined: 23 Mar 2019, 15:23

Re: How to verify the signature of mantis packages

Post by pmantis »

Doesn't look like anything happened. Where is the public key? Critical. Thanks
Post Reply