How to verify the integrity of julia download?

The problem is I can’t get the public keys.
Here are my tries:

  1. gpg --keyserver hkp:// --recv-key 0x09788F1E
    gpg: keyserver receive failed: No keyserver available

  2. gpg --auto-key-locate nodefault,wkd --locate-keys

gpg: error retrieving '' via WKD: No data
gpg: error reading key: No data
  1. gpg --keyserver --recv-key 0x09788F1E
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

What to do get that key?

Did you see the “Download Verification” section at Download Julia ?

Here’s the direct link to the key:

can you give the exact gpg command to import the key from the file and verify it?
I figured it out. Here’s the output:

gpgv: Signature made Friday 23 April 2021 11:16:56 PM IST
gpgv:                using RSA key 3673DF529D9049477F76B37566E3C7DC03D6E495
gpgv:                issuer ""
gpgv: Good signature from "Julia (Binary signing key) <>"

verification(gpg --verify julia-1.6.1-linux-x86_64.tar.gz.asc julia-1.6.1-linux-x86_64.tar.gz) output:

gpg: Signature made Friday 23 April 2021 11:16:56 PM IST
gpg:                using RSA key 3673DF529D9049477F76B37566E3C7DC03D6E495
gpg:                issuer ""
gpg: Good signature from "Julia (Binary signing key) <>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3673 DF52 9D90 4947 7F76  B375 66E3 C7DC 03D6 E495
1 Like