[Bug 379] New: difficult to find the openssh code signing key on openssh.org.

Sat Aug 3 02:28:37 EST 2002

http://bugzilla.mindrot.org/show_bug.cgi?id=379

           Summary: difficult to find the openssh code signing key on
                    openssh.org.
           Product: Portable OpenSSH
           Version: -current
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: jsmith at purdue.edu

After the release of the report yesterday concerning the trojaned openssh, I  
decided to verify the PGP signature on the distribution I had installed.  I  
spent perhaps 1/2 hour or more before I managed to track down the public key  
of the signer so I could add it to my key-ring and verify that I'd used a  
non-trojaned distribution. It wasn't obvious or easy. 

It would be a great service to your user community if you made the signing key  
easy to find on your web site.  A top-level link would be nice, but even a  
link from the download section would be good.  

Thank you for your consideration, and keep up the good work on openssh!

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.