GPG signature is broken for GCC 4.8.3
GCC 4.8.3 is signed by RSA key ID FC26A641.
$ gpg --verify gcc-4.8.3.tar.bz2.sig
gpg: Signature made Thu May 22 04:09:35 2014 PDT using RSA key ID FC26A641
gpg: Good signature from "Richard Guenther <rguenth@tat.physik.uni-tuebingen.de>"
gpg: aka "Richard Guenther (GCC) <rguenth@gcc.gnu.org>"
...
This key is not included in our GCC keyring:
$ gpg gitian/gpg/GCC.gpg
pub 1024D/C3C45C06 2004-04-21 Jakub Jelinek <jakub@redhat.com>
sub 2048g/241CF083 2004-04-21 [expires: 2020-09-10]
$
So, when I build the tor-browser-bundle, I get:
...
2014-10-07 10:26:55 (14.4 MB/s) - `gcc-4.8.3.tar.bz2.sig' saved [280/280]
GCC: GPG signature is broken for https://ftp.gnu.org/gnu/gcc/gcc-4.8.3/gcc-4.8.3.tar.bz2
Actually, there are six keys that can sign the GCC releases:
https://gcc.gnu.org/mirrors.html
So, we probably want to update gitian/gpg/GCC.gpg
to include all six keys.