I helped print this statue of Edgar Allan Poe, through “We the Builders”, who coordinate large-scale crowd-sourced 3D print jobs:

You can see one of my parts here on top, with “-Kees” on the piece with the funky hair strand:

The MakerWare I run on Ubuntu works well. I wish they were correctly signing their repositories. Even if I use non-SSL to fetch their key, as their Ubuntu/Debian instructions recommend, it still doesn’t match the packages:
```
W: GPG error: http://downloads.makerbot.com trusty Release: The following signatures were invalid: BADSIG 3D019B838FB1487F MakerBot Industries dev team <dev@makerbot.com>
```
And it’s not just my APT configuration:
```
$ gpg --verify Release.gpg Release
gpg: Signature made Wed 11 Mar 2015 12:43:07 PM PDT using RSA key ID 8FB1487F
gpg: requesting key 8FB1487F from hkp server pgp.mit.edu
gpg: key 8FB1487F: public key "MakerBot Industries LLC (Software development team) <dev@makerbot.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: BAD signature from "MakerBot Industries LLC (Software development team) <dev@makerbot.com>"
Date: Tue, 09 Jun 2015 19:41:02 UTC
```
Looks like they’re updating their Release file without updating the signature file. (The signature is from March, but the Release file is from June. Oops!)
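The same comparison done in code, as an added example that is not part of the original post: it reads the "Signature made" time from the gpg output and the `Date:` field from the Release file, and reports how much newer the Release file is than its detached signature. The function names and the small zone-abbreviation table are assumptions of this example; the two sample strings are the lines quoted above.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample input: the two timestamp lines quoted in the post.
GPG_OUTPUT = ("gpg: Signature made Wed 11 Mar 2015 12:43:07 PM PDT "
              "using RSA key ID 8FB1487F\n")
RELEASE_TEXT = "Date: Tue, 09 Jun 2015 19:41:02 UTC\n"

# Assumption: gpg prints the local zone abbreviation, so only the zones
# needed for this output are mapped (hours east of UTC).
TZ_OFFSETS = {"UTC": 0, "GMT": 0, "PDT": -7, "PST": -8}


def _aware(text, fmt, zone):
    """Parse a zone-less timestamp and attach the offset for `zone`."""
    if zone not in TZ_OFFSETS:
        raise ValueError(f"unknown zone abbreviation {zone!r}")
    offset = timezone(timedelta(hours=TZ_OFFSETS[zone]))
    return datetime.strptime(text, fmt).replace(tzinfo=offset)


def signature_time(gpg_output):
    """Creation time of the signature, from gpg's human-readable output."""
    m = re.search(r"Signature made \w+ (.+? [AP]M) (\w+) using", gpg_output)
    if not m:
        raise ValueError("no 'Signature made' line found")
    return _aware(m.group(1), "%d %b %Y %I:%M:%S %p", m.group(2))


def release_time(release_text):
    """Generation time of the Release file, from its Date: field."""
    m = re.search(r"^Date: \w+, (.+) (\w+)$", release_text, re.M)
    if not m:
        raise ValueError("no Date: field found")
    return _aware(m.group(1), "%d %b %Y %H:%M:%S", m.group(2))


def stale_signature(gpg_output, release_text):
    """Return how much newer Release is than its signature, else None.

    A signature made after the Release Date is the normal case (the file
    is generated, then signed), so only a positive lag is reported.
    """
    lag = release_time(release_text) - signature_time(gpg_output)
    return lag if lag > timedelta(0) else None


if __name__ == "__main__":
    print("Release newer than signature by:",
          stale_signature(GPG_OUTPUT, RELEASE_TEXT))
```
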
© 2015, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.