Key for signing release tarballs has been revoked
lazka opened this issue · 3 comments
lazka commented
==> Verifying source file signatures with gpg...
libfido2-1.11.0.tar.gz ... FAILED (public key A166878817F3906C has been revoked)
https://keyserver.ubuntu.com/pks/lookup?search=0xA166878817F3906C&fingerprint=on&op=index
martelletto commented
Thank you for the report. I have asked my colleagues to re-sign the tarballs with a valid PGP key. Apologies for the breakage.
lazka commented
Thanks, no problem. You might also want to remove the key from the list at https://developers.yubico.com/Software_Projects/Software_Signing.html or move it down to the old key list.
kongeo commented
Hi! Please find the new sigs uploaded here: https://developers.yubico.com/libfido2/Releases/