Эта тема была архивирована. Если вам нужна помощь, задайте новый вопрос.
No public key for Firefox funnelcake.
When I download the latest version of Firefox from "https://www.mozilla.org/en-US/firefox/all/#en-US" It downloads Funnelcake.Sha 512 9afd084156f5fda909cc51b2ebf539e75f788fa4c80b78445797ceb845041c0838e287493a0f849d1f357ecf7493efc1adabc786eb53b80fbeff6e433cbb2506
When I go to "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" to verify via PGP I only see the the "Firefox 40.3.dmg.asc" but no public key like other releases. If I try to validate the "Firefox 40.3.dmg.asc" using the "Mozilla software release public key" it does not authenticate. But If I go to Firefox 40. it autheticates usung PGP and it has the public key in the folder "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/40.0/" Anyone know why?
All Replies (5)
Did some research, and got very hungry looking thru all those cakes.
You are not alone.
Funnelcake builds are an experiment for (new) Firefox users that offer a different Firefox version for testing the user experience.
I don't think that there are checksums available for such special builds, they are only available for the official releases.
There are more such builds planned:
- Bug 1202786 - Create funnelcake builds for OSX EN with a 2nd Tab at FirstRun.
- Bug 1205743 - Create funnelcake builds for Firefox 41.0 to understand SEM acquired users
- Bug 1184279 - Create funnelcake builds to test Firefox homepage variations
Please do not comment in bug reports
Then why is there a Firefox 40.3.dmg.asc file which is a signature file used with PGP?
OK, I missed the .asc file.
I see this on Linux in a terminal window with the KEY file present in the Firefox 40.0.3 release folder.
gpg --import <KEY gpg: key D98F0353: public key "Mozilla Software Releases <firstname.lastname@example.org>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg -v --verify "Firefox 40.0.3.dmg.asc" Version: GnuPG v2.0.14 (GNU/Linux) gpg: armor header: gpg: assuming signed data in `Firefox 40.0.3.dmg' gpg: Signature made Tue 15 Sep 2015 12:47:04 AM CEST using RSA key ID 5E9905DB gpg: using subkey 5E9905DB instead of primary key D98F0353 gpg: using PGP trust model gpg: Good signature from "Mozilla Software Releases <email@example.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 14F2 6682 D091 6CDD 81E3 7B6D 61B7 B526 D98F 0353 Subkey fingerprint: F2EF 4E6E 6AE7 5B95 F11F 1EB5 1C69 C4E5 5E99 05DB gpg: binary signature, digest algorithm SHA1
This doesn't tell me how to verify Funnel cake via PGP?