Open
Description
Forest reported this on 2024-01-07T22:01:46Z
Transferred from https://issues.dlang.org/show_bug.cgi?id=24322
https://dlang.org/gpg_keys.html lists a bunch of gpg key fingerprints, but none of them match the signatures offered on download.html.
Closer inspection reveals that the signatures were made by subkeys, and since gpg_keys.html omits the subkey fingerprints, it cannot be used to check that the signatures are good. In other words, gpg_keys.html is currently useless, and can even lead someone to think the downloads might have been tampered with.
Suggestion:
Regenerate gpg_keys.html using the output of gpg --list-keys --with-subkey-fingerprint
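Added example, not part of the original report and not the D project's own tooling: when a signature is made by a subkey, the `VALIDSIG` line that `gpg --status-fd` emits carries both the signing (sub)key fingerprint and the primary key fingerprint, so a list that publishes only primary fingerprints can still be checked. The function names, file names and fingerprints below are constructed for illustration.

```shell
#!/bin/sh
# match_validsig LIST < gpg-status-output
# LIST: file with one published fingerprint per line (spaces allowed).
# Status line format (gpg doc/DETAILS):
#   [GNUPG:] VALIDSIG <signing-fpr> <date> <ts> <expire> <ver> <rsvd>
#            <pk-algo> <hash-algo> <sig-class> <primary-fpr>
# Exit status: 0 = signing key or its primary is listed,
#              1 = neither is listed, 2 = no VALIDSIG line at all.
match_validsig() {
    awk -v list="$1" '
        BEGIN {
            rc = 2
            while ((getline line < list) > 0) {
                gsub(/[ \t\r]/, "", line)          # "0123 4567 ..." -> "01234567..."
                if (line != "") trusted[toupper(line)] = 1
            }
        }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            signer  = toupper($3)
            primary = (NF >= 12) ? toupper($12) : signer
            if (signer in trusted) {
                print "listed " signer; rc = 0
            } else if (primary in trusted) {
                print "subkey " signer " of listed primary " primary; rc = 0
            } else {
                print "unlisted " signer " primary " primary; rc = 1
            }
            exit                                   # first signature decides
        }
        END { exit rc }
    '
}

# Constructed status output: a signature made by a subkey (FEDC...)
# whose primary key is 0123... Neither fingerprint is a real key.
sample_status() {
    printf '%s\n' '[GNUPG:] NEWSIG' \
        '[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2024-01-07 1704664906 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567'
}

# Real use (file names are hypothetical):
#   gpg --status-fd 1 --verify FILE.sig FILE 2>/dev/null | match_validsig published.txt
```

Comparing only the first fingerprint on the `VALIDSIG` line against a primary-only list reproduces the mismatch described above; the last field is what ties the subkey back to the published primary key.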