bugzilla-daemon at mindrot.org
2002-Aug-02 16:28 UTC
[Bug 379] New: difficult to find the openssh code signing key on openssh.org.
http://bugzilla.mindrot.org/show_bug.cgi?id=379 Summary: difficult to find the openssh code signing key on openssh.org. Product: Portable OpenSSH Version: -current Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: jsmith at purdue.edu After the release of the report yesterday concerning the trojaned openssh, I decided to verify the PGP signature on the distribution I had installed. I spent perhaps 1/2 hour or more before I managed to track down the public key of the signer so I could add it to my key-ring and verify that I'd used a non-trojaned distribution. It wasn't obvious or easy. It would be a great service to your user community if you made the signing key easy to find on your web site. A top-level link would be nice, but even a link from the download section would be good. Thank you for your consideration, and keep up the good work on openssh! ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- [Bug 379] difficult to find the openssh code signing key on openssh.org.
- openssh-3.4p1.tar.gz on ftp.openbsd.org changing rather than frozen (fwd)
- OpenSSH Security Advisory: Trojaned Distribution Files
- new packaging signing key uploaded to samba.org
- OpenSSH key signing service?