Hi!
After downloading the software package for Mantis, I would like to verify the signature. The signature can be downloaded too (for example mantisbt-1.3.5.tar.gz.asc). But to verify it, I need to know the public key. GPG tells me the key's ID is 0A45E2D6. I cannot find it on any key server and it is also not on mantisbt.org. In the documentation it is not even mentioned that it might be a good idea to verify the downloaded package. Google also does not know anything about that key.
I guess the official public key should be available on the website and also linked in the documentation (together with the fingerprint). There should at least be one sentence in the documentation on how to verify the signature and why this is usually a good idea.
Does anybody know where to find the public key?
Best regards,
Christian
How to verify the signature of mantis packages
Moderators: Developer, Contributor
Re: How to verify the signature of mantis packages
Please create a report for it at https://www.mantisbt.org/bugs
Re: How to verify the signature of mantis packages
Doesn't look like anything happened. Where is the public key? Critical. Thanks