libk should be subject to extremely stringent security protocols, and uses signify to authenticate its releases. libk keyrings will always be signed by the maintainer’s key, and any change in maintainer will be accompanied by a signed announcement from the old maintainer including the new maintainer’s public key. if any change in maintainer, maintainer key, or security protocol is not accompanied by a signed announcement from the maintainer, disregard it and notify project staff immediately.
as the release team may change from time to time, it is best practice to check the keyring update time whenever you acquire a new release. where possible, this verification will take place automatically as part of the build process, but this depends on the capabilities of your distro’s build system.
we strongly recommend that you keep a copy of the maintainer’s key cached locally:
$ curl -s https://c.comint.su/keyring/libk/principal.pub | sudo tee /etc/signify/libk-maintainer:lexi-hale.pub
the following command will fetch the keyring and print a message to standard error reporting the validity of the signature:
$ wget https://c.comint.su/keyring/libk/relengs.tar{,.sig} && signify -Vm relengs.tar && tar xf relengs.tar && mv -n relengs/* /etc/signify/
the -n flag is critical to keep mv from clobbering any existing keys you may have in your signify trust root.
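an added example, not part of libk or its build scripts: the one-liner above split into steps, with verification pinned to the cached maintainer key via -p, and the mv -n step replaced by a merge that also reports any existing key whose contents differ from the keyring's copy. the function names and return codes are this example's own; the paths are taken from the commands above.

```sh
#!/bin/sh
# added example (not the project's script). paths come from the page's
# commands; function names and return codes are assumptions of this example.
TRUST_ROOT=${TRUST_ROOT:-/etc/signify}
MAINT_KEY=${MAINT_KEY:-$TRUST_ROOT/libk-maintainer:lexi-hale.pub}

# verify the keyring tarball against the locally cached maintainer key only.
# passing -p stops signify from selecting the key named in the signature
# file's untrusted comment line.
verify_keyring() {  # $1 = tarball; signature expected at $1.sig
    signify -V -p "$MAINT_KEY" -x "$1.sig" -m "$1"
}

# merge keys from an unpacked keyring directory into the trust root.
# new names are installed, identical files are skipped, and a name that
# already exists with different contents is reported and left untouched.
# returns 0 if nothing conflicted, 2 if any existing key differed.
merge_keys() {  # $1 = source dir, $2 = trust root
    rc=0
    for key in "$1"/*; do
        [ -f "$key" ] || continue
        dest="$2/$(basename "$key")"
        if [ ! -e "$dest" ]; then
            cp "$key" "$dest" && echo "installed: $dest"
        elif cmp -s "$key" "$dest"; then
            echo "unchanged: $dest"
        else
            echo "CONFLICT: $dest differs from keyring copy; not replaced" >&2
            rc=2
        fi
    done
    return "$rc"
}

# full run: verify, unpack into a scratch directory, then merge.
update_keyring() {  # $1 = path to relengs.tar
    tmp=$(mktemp -d) || return 1
    verify_keyring "$1" && tar -xf "$1" -C "$tmp" &&
        merge_keys "$tmp/relengs" "$TRUST_ROOT"
    status=$?
    rm -rf "$tmp"
    return "$status"
}

# run only when given a tarball argument, so the file can also be sourced.
if [ $# -gt 0 ]; then update_keyring "$1"; fi
```

a CONFLICT line means a key already in your trust root no longer matches the keyring; treat it as a key change and look for the signed announcement before replacing anything.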
the project keyring was last updated on .
the current maintainer is Lexi Hale, whose key can be downloaded below.