GPG signing key is expired
Closed this issue · 1 comments
graywolf commented
Hello,
I wanted to verify the source archive, so I downloaded the GPG key from https://www.libressl.org/releases.html ( https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl.asc ). The archive (libressl-3.8.2.tar.gz) does verify, but the key is expired. Is that expected?
busterb commented
We just haven't had a release since the last one. I've updated the public key on ftp.openbsd.org, though it may take some time to propagate to mirrors. You should be able to continue verifying with releases with it.