<div dir="ltr">Hi Nicholas,<div><br></div><div>Find attached the gpg key used to sign the tarballs. I've also uploaded it to the Ubuntu key server:</div><div><br></div><div><a href="https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=albertvaka%40gmail.com&fingerprint=on">https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=albertvaka%40gmail.com&fingerprint=on</a></div><div><br></div><div>Thanks a lot for your time,</div><div>Albert</div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, May 31, 2018 at 9:02 PM Nicholas D Steeves <<a href="mailto:nsteeves@gmail.com">nsteeves@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear Albert,<br>
<br>
Thank you for your work on kdeconnect, it really is a "killer app"! I<br>
noticed that Debian (and all derivatives) are not verifying the gpg<br>
signature provided with the tarball:<br>
<a href="https://download.kde.org/stable/kdeconnect/1.3.1/src/kdeconnect-kde-1.3.1.tar.xz.sig" rel="noreferrer" target="_blank">https://download.kde.org/stable/kdeconnect/1.3.1/src/kdeconnect-kde-1.3.1.tar.xz.sig</a><br>
<br>
Assuming that it was your key, I searched for it, but unfortunately<br>
wasn't able to find it on any key servers. Would you please send me<br>
the public key used to sign releases? Maximiliano Curia and I plan to<br>
update the Debian package this weekend, and it would be nice to add<br>
gpg signature verification at this time.<br>
<br>
I've CCed the kdeconnect mailing list for the benefit of anyone else<br>
who might be struggling to find this key, but I am not subscribed to<br>
the list so please take care to CC me.<br>
<br>
Sincerely,<br>
Nicholas<br>
</blockquote></div>