Search Support

Beware of phishing attacks: Mozilla will never ask you to call a number or visit a non-Mozilla website. Please ignore such requests.

Learn More

No public key for Firefox funnelcake.

  • 5 ответов
  • 2 имеют эту проблему
  • 42 просмотра
  • Последний ответ от Mace2

more options

When I download the latest version of Firefox from "" It downloads Funnelcake.Sha 512 9afd084156f5fda909cc51b2ebf539e75f788fa4c80b78445797ceb845041c0838e287493a0f849d1f357ecf7493efc1adabc786eb53b80fbeff6e433cbb2506

When I go to "" to verify via PGP I only see the the "Firefox 40.3.dmg.asc" but no public key like other releases. If I try to validate the "Firefox 40.3.dmg.asc" using the "Mozilla software release public key" it does not authenticate. But If I go to Firefox 40. it autheticates usung PGP and it has the public key in the folder "" Anyone know why?

Изменено James

All Replies (5)

more options

Did some research, and got very hungry looking thru all those cakes.

You are not alone.

more options

Funnelcake builds are an experiment for (new) Firefox users that offer a different Firefox version for testing the user experience.

I don't think that there are checksums available for such special builds, they are only available for the official releases.

There are more such builds planned:

  • Bug 1202786 - Create funnelcake builds for OSX EN with a 2nd Tab at FirstRun.
  • Bug 1205743 - Create funnelcake builds for Firefox 41.0 to understand SEM acquired users
  • Bug 1184279 - Create funnelcake builds to test Firefox homepage variations

Please do not comment in bug reports

more options

Then why is there a Firefox 40.3.dmg.asc file which is a signature file used with PGP?

more options

OK, I missed the .asc file.

I see this on Linux in a terminal window with the KEY file present in the Firefox 40.0.3 release folder.

gpg --import <KEY
gpg: key D98F0353: public key "Mozilla Software Releases <>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

gpg -v --verify "Firefox 40.0.3.dmg.asc"
Version: GnuPG v2.0.14 (GNU/Linux)
gpg: armor header: 
gpg: assuming signed data in `Firefox 40.0.3.dmg'
gpg: Signature made Tue 15 Sep 2015 12:47:04 AM CEST using RSA key ID 5E9905DB
gpg: using subkey 5E9905DB instead of primary key D98F0353
gpg: using PGP trust model
gpg: Good signature from "Mozilla Software Releases <>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 14F2 6682 D091 6CDD 81E3  7B6D 61B7 B526 D98F 0353
     Subkey fingerprint: F2EF 4E6E 6AE7 5B95 F11F  1EB5 1C69 C4E5 5E99 05DB
gpg: binary signature, digest algorithm SHA1
more options

This doesn't tell me how to verify Funnel cake via PGP?