Invalid Public Key File

Darren Tucker dtucker at dtucker.net
Sat Jan 14 09:38:40 AEDT 2023


On Sat, 14 Jan 2023 at 09:13, Jeff Mericle
<jeffmericle at morningstarcc.org> wrote:
> I recently downloaded openssh-8.9pl.tar.gz, openssh-8.9pl.tar.gz, and DJM-GPG-KEY.asc.  I discovered that DJM-GPG-KEY.asc [...]
> I thought you might like to know this in order to place the proper public signature file with the distros.

It's there, it's just in the next directory up (since it's also used
to sign the OpenBSD-specific files which are in that directory).

This is described on the OpenSSH Portable download page
(https://www.openssh.com/portable.html):

"""
The following files describe the development efforts of the OpenSSH
portability development team. The release files are signed with the
PGP public key contained in the file RELEASE_KEY.asc on the ftp site.
This key is also available through the key server network and has a
fingerprint of 7168B983815A5EEF59A4ADFD2A3F414E736060BA.
"""

and release notes (https://www.openssh.com/releasenotes.html):

"""
The PGP key used to sign the releases is available from the mirror sites:
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
"""

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list