bugzilla-daemon at mindrot.org
2002-Aug-02 16:28 UTC
[Bug 379] New: difficult to find the openssh code signing key on openssh.org.
http://bugzilla.mindrot.org/show_bug.cgi?id=379
Summary: difficult to find the openssh code signing key on
openssh.org.
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: jsmith at purdue.edu
After the release of the report yesterday concerning the trojaned openssh, I
decided to verify the PGP signature on the distribution I had installed. I
spent perhaps 1/2 hour or more before I managed to track down the public key
of the signer so I could add it to my key-ring and verify that I'd used a
non-trojaned distribution. It wasn't obvious or easy.
It would be a great service to your user community if you made the signing key
easy to find on your web site. A top-level link would be nice, but even a
link from the download section would be good.
Thank you for your consideration, and keep up the good work on openssh!
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- [Bug 379] difficult to find the openssh code signing key on openssh.org.
- openssh-3.4p1.tar.gz on ftp.openbsd.org changing rather than frozen (fwd)
- OpenSSH Security Advisory: Trojaned Distribution Files
- new packaging signing key uploaded to samba.org
- OpenSSH key signing service?
Wisdom of the Ancients
