new signing key, blobs found in current releases

Alexandre Oliva lxoliva at
Wed Jul 16 08:26:12 UTC 2008

I'll start using the following key to sign linux-libre source
tarballs, patches, and packages.  I've updated SIGNING-KEY in the
repositories.  The new key is signed with my personal key, that's
still present in the SIGNING-KEY file.

pub   1024D/7E7D47A7 2008-07-16
      Key fingerprint = 4744 02C8 C582 DAFB E389  C427 BCB7 CF87 7E7D 47A7
uid                  linux-libre (Alexandre Oliva) <linux-libre+lxoliva at>

Incidentally, while dealing with the post-2.6.26 merge (lots of stuff
moved to firmware/), I realized linux-libre has included a few
non-Free blobs, for which I'd added false-positive patterns to
deblob-check because they were present in the tarball I used as a
starting point.


are the two affected files I've located so far.  I'll double-check
others.  Earlier versions of deblob removed similar files, but they
were renamed before 2.6.24, and this wasn't reflected in the deblob
script.  Oops.

I'll update deblob-check and deblob-2.6.2[3-7] to cover these files,
and prepare new libre3 source tarballs for 2.6.2[345], and a libre1
tarball for 2.6.26 ASAP.  I won't release any sources or binaries
before fixing this problem, and I'll remove the infected sources and
builds as soon as I have freer replacements.

I apologize for the leak.  Thanks for your understanding.

Alexandre Oliva
Free Software Evangelist  oliva@{,}
FSFLA Board Member       ¡Sé Libre! =>
Red Hat Compiler Engineer   aoliva@{,}

More information about the linux-libre mailing list