Thanks for the note! I'm not sure what to do about this, since I don't use the "asdf/tools" myself. I never figured out how to debug the Lisp scripts there, so I have stuck to the old code that is based on bash and make.
That looks like code that is probably related to the creation of Debian packages for ASDF. No one has been doing that for years. I should probably prune the code for doing that....
Best, R
On 22 Dec 2021, at 10:54, Attila Lendvai wrote:
Robert,
i have this local diff:
- (error "Please export variable DEBSIGN_KEYID to be the 8-hex hash of
your GnuPG secret key")))
- (error "Please export variable DEBSIGN_KEYID to be the 16+ digit
hexadecimal hash of your GnuPG secret key")))
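Review bot: the new wording on the second message line still calls the value a "hash", and only the error text changes, so an 8-digit DEBSIGN_KEYID that is already exported would not be caught by anything visible here. Suggest saying "long key ID or full fingerprint" in place of "hash", and having the check that raises this error also reject a value shorter than 16 hexadecimal digits. Note also that both message lines are marked `-` as quoted; the second one is presumably the added `+` line.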
there's an ongoing attack against PGP keys where a white hat hacker is brute-forcing the published keys to generate keys that have the same hash/fingerprint, or at least the last 8 digits.
luckily they also publish a revocation certificate for these fake keys, but i recommend using longer than 8 digit fingerprints when identifying PGP keys.
just a heads-up, probably not very urgent/relevant.
- attila
PGP: 5D5F 45C7 DFCD 0A39
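
The recommendation in the message above, expressed as a check, as an added example that is not part of the original thread or of ASDF's own scripts: a shell sketch that normalizes a DEBSIGN_KEYID-style value and refuses anything shorter than 16 hexadecimal digits. The function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not ASDF code). Function names and return codes are
# hypothetical; the 16-digit minimum follows the "16+ digit" wording
# proposed in the thread.

# normalize_keyid VALUE
# Prints VALUE as uppercase hex with blanks and a leading 0x removed,
# so "5D5F 45C7 DFCD 0A39" and "0x5d5f45c7dfcd0a39" compare equal.
normalize_keyid() {
    printf '%s' "$1" | tr -d ' \t' | sed -e 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# check_keyid VALUE
#   returns 0  at least 16 hex digits (long key ID or full fingerprint)
#   returns 1  fewer than 16 hex digits, e.g. an 8-digit short key ID
#   returns 2  empty, or contains characters that are not hex digits
check_keyid() {
    id=$(normalize_keyid "$1")
    case "$id" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    if [ "${#id}" -lt 16 ]; then
        return 1
    fi
    return 0
}

# Typical use before signing (commented out so the file can be sourced):
#   check_keyid "$DEBSIGN_KEYID" || {
#       echo "DEBSIGN_KEYID must be 16+ hexadecimal digits" >&2
#       exit 1
#   }
```
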