Invalid Public Key File
Jeff Mericle
jeffmericle at morningstarcc.org
Sat Jan 14 09:09:58 AEDT 2023
Hi,
I recently downloaded openssh-8.9pl.tar.gz, openssh-8.9pl.tar.gz, and DJM-GPG-KEY.asc. I discovered that DJM-GPG-KEY.asc file does not contain the proper public key that was used to sign this distribution of OpenSSH, and after further digging I think that particular key may have been revoked. I downloaded the appropriate public key from pgp.mit.edu and was then able to confirm a valid signature.
I thought you might like to know this in order to place the proper public signature file with the distros.
Regards,
Jeff
More information about the openssh-unix-dev
mailing list