GPG signing key is expired

Question

GPG signing key is expired

Closed this issue 4 months ago · 1 comments

Hello,

I wanted to verify the source archive, so I downloaded the GPG key from https://www.libressl.org/releases.html ( https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl.asc ). The archive (libressl-3.8.2.tar.gz) does verify, but the key is expired. Is that expected?

Answer 1 · 2024-03-03T23:38:38.000Z

We just haven't had a release since the last one. I've updated the public key on ftp.openbsd.org, though it may take some time to propagate to mirrors. You should be able to continue verifying with releases with it.