Hi folks,

Just a quick message to let you know that I’ve updating my GPG keys because of the issue described at http://www.debian-administration.org/users/dkg/weblog/48.

The new key is available by running gpg --keyserver keyserver.ubuntu.com --recv-keys EC66FA7D. You’ll see that it’s signed by my old key, 4DAD18FA.

The old key will be knocking around for a while, but I’ll start using the new key to sign things straight away.

   -----BEGIN PGP SIGNED MESSAGE-----
   Hash: SHA1



     -----BEGIN PGP SIGNED MESSAGE-----
     Hash: SHA256
 


For the sake of records, this little message is signed with the new key
   and the resulting signed text is signed with the old key.
   - -----BEGIN PGP SIGNATURE-----
   Version: GnuPG v1.4.9 (GNU/Linux)


iQIcBAEBCAAGBQJKC+jUAAoJEL+CbdjsZvp9SNwQAII63IKWYuoZ8VzV0YGZmOUp
   Fu/EBr9hoBx84upATnFTAGHd3OvGxW25fHr6VaiFzkWJc0EebxYFaYT0qQT7fyXU
   GdNtXsLfFX2u+mw9Ci48T5tEFU2BZYzltv0cfww6m7/PpSB2agXcb6BOzMSqTzxt
   4mVEUvlqNfBC57Ds7FOcDnIv5IvT4RN6eLqxabSw6boworLyVUcjw8rMu2Fw0PDo
   /wKV77FLnn1FLf9zcPmZ41n4Oy5OCdTcymZq/BOTj/+a/5aa5HMY59QXp9W1VgKT
   wEBSb5d1flZ3BOa+Xh9f3boMIE81GnfIH4CuoBS0JMgaaRrMDVtnFZSjtNu36wp2
   NiLuGd+rPUTZhXDLA3bWT+C5ShupauE7eHIWMMAZcxq8N/WgYbLvDDvae2fhaQmm
   EmnWKwcMoNW/paao2zgFxQwXMBtVxbseWref4Bc7Z9FOz6hcjEpS2bY0s/5nAlf4
   iGr7/wtIgiCAw8vDaVph4uy3A3jXAUD9J8jFgeVdgdD3Zove5f8DPz2ba57lOBay
   +lqQ4jjz8DLhrvy8lS7SUqJaGhdWPvu2UUkBXCYXFH1ERYbP/PXW2kQrjbI/hrd5
   jQzEuseWoDNXipfdXzlan+guBfAddySCFejLy9n6ezvy1ZWUOTNqQHKs20z5mf6R
   uhSLUOuqJKGJNOo5oWpN
   =PdAw
   - -----END PGP SIGNATURE-----
   -----BEGIN PGP SIGNATURE-----
   Version: GnuPG v1.4.9 (GNU/Linux)


iEYEARECAAYFAkoL6OAACgkQwutMq02tGPrtmwCfQ8PhNtDnTYt+K5cGLShmJhEW
   PgwAni3XdbRbPT+A9+rUOQLJj3JSvFe3
   =vSEU
   -----END PGP SIGNATURE-----
   

For the record, don’t rely on FireGPG to verify the text above; it gets confused. Copy it to disk, gpg --verify it and then extract the inner section and remove the whitespace after the first ‘-’ on the nested signature before gpg --verifying the result.