bugzilla-daemon at mindrot.org
2024-Nov-06 16:11 UTC
[Bug 3749] New: RELEASE_KEY.asc at https://www.openssh.com/portable.html is expired
https://bugzilla.mindrot.org/show_bug.cgi?id=3749 Bug ID: 3749 Summary: RELEASE_KEY.asc at https://www.openssh.com/portable.html is expired Product: Portable OpenSSH Version: 9.9p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org Reporter: craig at unreasonablefarm.org I imported the key mentioned: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc And it seems it is rather expired. I was trying to confirm the signature of downloaded source code.> The release files are signed with the PGP public key contained in the file RELEASE_KEY.asc on the ftp site.After importing the release key above I get pub 1024D/86FF9C48 2001-02-26 [revoked: 2013-12-10] uid Damien Miller (Personal Key) <djm at mindrot.org> pub 1024D/11B5748F 1999-05-23 [revoked: 2001-02-26] uid Damien Miller <dmiller at vitnet.com.sg> uid Damien Miller <dmiller at ilogic.com.au> uid Damien Miller <djm at mindrot.org> pub 1024D/691EF8DA 2001-02-26 uid Damien Miller (Personal Key) <djm at mindrot.org> sub 1024g/AC69ED0C 2001-02-26 pub 3200R/6D920D30 2013-12-10 [expired: 2021-01-01] uid Damien Miller <djm at mindrot.org> pub 4096R/736060BA 2021-01-01 uid Damien Miller <djm at mindrot.org> sub 4096R/74B39C46 2021-01-01 Just wondering if I am doing it wrong? Maybe the webpage is out-of-date? FWIW I am working on an out-dated system, centos-6: # gpg --version gpg (GnuPG) 2.0.14 libgcrypt 1.4.5 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Nov-06 21:29 UTC
[Bug 3749] RELEASE_KEY.asc at https://www.openssh.com/portable.html is expired
https://bugzilla.mindrot.org/show_bug.cgi?id=3749 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Status|NEW |RESOLVED Resolution|--- |WORKSFORME --- Comment #1 from Damien Miller <djm at mindrot.org> --- The final key in the chain is not expired:> pub 4096R/736060BA 2021-01-01 > uid Damien Miller <djm at mindrot.org> > sub 4096R/74B39C46 2021-01-01Previous, expired/revoked, keys remain in the chain because they are used to sign their replacements to provide continuity of trust. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Nov-06 23:08 UTC
[Bug 3749] RELEASE_KEY.asc at https://www.openssh.com/portable.html is expired
https://bugzilla.mindrot.org/show_bug.cgi?id=3749 --- Comment #2 from craig at unreasonablefarm.org --- Yeah, of course. Sorry I didn't see that. I looked at the key because when I tried to confirm the signature on the download it didn't work. I'll give it another try and report back. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Possibly Parallel Threads
- DO NOT REPLY [Bug 3749] New: rsync --help misleading information
- Corrupt index.asc
- Signed repomd.xml.asc files for CentOS-6 and CentOS-7 (testing)
- repomd.xml.asc BAD signature in CentOS-7-x86_64-Minimal-2003.iso
- ASC/NZSA 2006 - Detailed Program Available via the Website