new signing key, blobs found in current releases

[Alexandre Oliva]

I'll start using the following key to sign linux-libre source
tarballs, patches, and packages.  I've updated SIGNING-KEY in the
repositories.  The new key is signed with my personal key, that's
still present in the SIGNING-KEY file.

pub   1024D/7E7D47A7 2008-07-16
      Key fingerprint = 4744 02C8 C582 DAFB E389  C427 BCB7 CF87 7E7D 47A7
uid                  linux-libre (Alexandre Oliva) <linux-libre+lxoliva at fsfla.org>


Incidentally, while dealing with the post-2.6.26 merge (lots of stuff
moved to firmware/), I realized linux-libre has included a few
non-Free blobs, for which I'd added false-positive patterns to
deblob-check because they were present in the tarball I used as a
starting point.

  sound/isa/sb/sb16_csp_codecs.h
  sound/isa/wavefront/yss225.c

are the two affected files I've located so far.  I'll double-check
others.  Earlier versions of deblob removed similar files, but they
were renamed before 2.6.24, and this wasn't reflected in the deblob
script.  Oops.

I'll update deblob-check and deblob-2.6.2[3-7] to cover these files,
and prepare new libre3 source tarballs for 2.6.2[345], and a libre1
tarball for 2.6.26 ASAP.  I won't release any sources or binaries
before fixing this problem, and I'll remove the infected sources and
builds as soon as I have freer replacements.

I apologize for the leak.  Thanks for your understanding.

-- 
Alexandre Oliva         http://www.lsd.ic.unicamp.br/~oliva/
Free Software Evangelist  oliva@{lsd.ic.unicamp.br, gnu.org}
FSFLA Board Member       ¡Sé Libre! => http://www.fsfla.org/
Red Hat Compiler Engineer   aoliva@{redhat.com, gcc.gnu.org}