I have one more question to the manual download procedure of an ubuntuphone image.
The download script does already check the integrity of the downloaded files, that's fine.
But I would like to check the authenticity of the download and I fail at the end
with the last key id.
For the most files signature files are provided. They were generated by the pgp key of
UBports System Image Image Signing key email@example.com
This first key (inside a keyring) comes with a signature generated by the pgp key of
1 Image Master key firstname.lastname@example.org
This second key (inside a keyring) is signed by the pgp key belonging
to the key id
I cannot find this key; I suppose it is published in a similar manner
like e.g. debian distro maintainers proceed.
And finally, for http://cdimage.ubports.com/devices/recovery-vegetahd.img
i could not find any pgp signature file.
Perhaps, you could give me a hint again?