libressl-3.8.3.tar.gz.asc key is expired?
orbea opened this issue · 5 comments
orbea commented
With the Gentoo ebuild.
[ ERROR] OpenPGP verification failed for <_io.BufferedReader name='/var/tmp/portage/dev-libs/libressl-3.8.3/distdir/libressl-3.8.3.tar.gz'> (sig in /var/tmp/portage/dev-libs/libressl-3.8.3/distdir/libressl-3.8.3.tar.gz.asc):
OpenPGP signature rejected because of expired key:
gpg: Signature made Sat 09 Mar 2024 08:34:40 PM UTC
gpg: using RSA key 6F67522EC596C025B24549911FFAA0B24B708F96
gpg: Good signature from "keybase.io/busterb <busterb@keybase.io>" [expired]
gpg: aka "Brent Cook <busterb@gmail.com>" [expired]
gpg: aka "Brent Cook <bcook@openbsd.org>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: A1EB 079B 8D3E B92B 4EBD 3139 663A F51B D5E4 D8D5
Subkey fingerprint: 6F67 522E C596 C025 B245 4991 1FFA A0B2 4B70 8F96
Am I doing something wrong?
busterb commented
Try updating to the latest key from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl.asc
Or https://keybase.io/busterb/pgp_keys.asc?fingerprint=a1eb079b8d3eb92b4ebd3139663af51bd5e4d8d5
I submitted the updated key to MIT's keyserver too, but it's so slow and broken, I'm not sure it actually worked.
orbea commented
I was sure I did that already, but upon double checking that I had the right .asc
file I see something went wrong so I tried again and now it works. Thanks for the help!
vszakats commented
pgpkeys.eu
and keyserver.ubuntu.com
continue serving expired keys.
@busterb: If not too much bother, can you upload the new key to these? It'd help replicating it faster to further servers.
busterb commented
Done.
…On Mon, Mar 18, 2024 at 7:15 PM Viktor Szakats ***@***.***> wrote:
pgpkeys.eu
<https://pgpkeys.eu/pks/lookup?search=a1eb079b8d3eb92b4ebd3139663af51bd5e4d8d5&fingerprint=on&op=index>
and keyserver.ubuntu.com
<https://keyserver.ubuntu.com/pks/lookup?search=a1eb079b8d3eb92b4ebd3139663af51bd5e4d8d5&fingerprint=on&op=index>
are still serving expired keys.
@busterb <https://github.com/busterb>: If not too much bother, can you
upload the new key to these? It'd help replicating it faster to further
servers.
—
Reply to this email directly, view it on GitHub
<#1013 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA7LC3XTMOHMWU25GUJXVSLYY57T5AVCNFSM6AAAAABEPBNPO6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMBVGQYTMMBYGA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>