I helped print this statue of Edgar Allan Poe, through “We the Builders“, who coordinate large-scale crowd-sourced 3D print jobs:
You can see one of my parts here on top, with “-Kees” on the piece with the funky hair strand:
The MakerWare I run on Ubuntu works well. I wish they were correctly signing their repositories. Even if I use non-SSL to fetch their key, as their Ubuntu/Debian instructions recommend, it still doesn’t match the packages:
W: GPG error: http://downloads.makerbot.com trusty Release: The following signatures were invalid: BADSIG 3D019B838FB1487F MakerBot Industries dev team <email@example.com>
And it’s not just my APT configuration:
$ wget http://downloads.makerbot.com/makerware/ubuntu/dists/trusty/Release.gpg $ wget http://downloads.makerbot.com/makerware/ubuntu/dists/trusty/Release $ gpg --verify Release.gpg Release gpg: Signature made Wed 11 Mar 2015 12:43:07 PM PDT using RSA key ID 8FB1487F gpg: requesting key 8FB1487F from hkp server pgp.mit.edu gpg: key 8FB1487F: public key "MakerBot Industries LLC (Software development team) <firstname.lastname@example.org>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: BAD signature from "MakerBot Industries LLC (Software development team) <email@example.com>" $ grep ^Date Release Date: Tue, 09 Jun 2015 19:41:02 UTC
Looks like they’re updating their Release file without updating the signature file. (The signature is from March, but the Release file is from June. Oops!)
© 2015, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.