Hi,
I recently downloaded openssh-8.9pl.tar.gz, openssh-8.9pl.tar.gz, and DJM-GPG-KEY.asc. I discovered that DJM-GPG-KEY.asc file does not contain the proper public key that was used to sign this distribution of OpenSSH, and after further digging I think that particular key may have been revoked. I downloaded the appropriate public key from pgp.mit.edu and was then able to confirm a valid signature.
I thought you might like to know this in order to place the proper public signature file with the distros.
Regards,
Jeff
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
I recently downloaded openssh-8.9pl.tar.gz, openssh-8.9pl.tar.gz, and DJM-GPG-KEY.asc. I discovered that DJM-GPG-KEY.asc file does not contain the proper public key that was used to sign this distribution of OpenSSH, and after further digging I think that particular key may have been revoked. I downloaded the appropriate public key from pgp.mit.edu and was then able to confirm a valid signature.
I thought you might like to know this in order to place the proper public signature file with the distros.
Regards,
Jeff
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev