* setup-x86_64.exe gpg signing key expired?
@ 2022-09-02 21:47 Jim Garrison
2022-09-02 22:25 ` Jon Turney
0 siblings, 1 reply; 3+ messages in thread
From: Jim Garrison @ 2022-09-02 21:47 UTC (permalink / raw)
To: cygwin
It appears the key expired 2022-02-26, so I presume this is known. I
bring it up on the slim chance it hasn't been noticed or reported yet.
$ gpg --verify setup-x86_64.exe.sig
gpg: assuming signed data in 'setup-x86_64.exe'
gpg: Signature made Fri, Jun 24, 2022 05:48:55 PDT
gpg: using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA
gpg: checking the trustdb
gpg: public key CCB2EB46E76CF6D0 is 35475 seconds newer than the signature
gpg: marginals needed: 3 completes needed: 1 trust model: classic
gpg: depth: 0 valid: 3 signed: 3 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: depth: 1 valid: 3 signed: 0 trust: 2-, 0q, 0n, 0m, 1f, 0u
gpg: next trustdb check due at 2023-04-30
gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full]
gpg: Signature made Fri, Jun 24, 2022 05:48:55 PDT
gpg: using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300
gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 5640 5CF6 FCC8 1574 682A 5D56 1A69 8DE9 E2E5 6300
...and...
$ gpg -k 56405CF6FCC81574682A5D561A698DE9E2E56300
pub rsa4096 2020-02-27 [SC] [expired: 2022-02-26]
56405CF6FCC81574682A5D561A698DE9E2E56300
uid [ expired] Cygwin <cygwin@cygwin.com>
Cheers!
--
Jim Garrison
jhg@acm.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: setup-x86_64.exe gpg signing key expired?
2022-09-02 21:47 setup-x86_64.exe gpg signing key expired? Jim Garrison
@ 2022-09-02 22:25 ` Jon Turney
2022-09-02 22:45 ` Jim Garrison
0 siblings, 1 reply; 3+ messages in thread
From: Jon Turney @ 2022-09-02 22:25 UTC (permalink / raw)
To: jhg, The Cygwin Mailing List
On 02/09/2022 22:47, Jim Garrison via Cygwin wrote:
> It appears the key expired 2022-02-26, so I presume this is known. I
> bring it up on the slim chance it hasn't been noticed or reported yet.
Refetch the key from https://cygwin.com/key/pubring.asc or a keysever.
We periodically extend the expiration date and re-issue the key.
This avoids using a key without an expiration date, whilst also avoiding
unnecessary key rotations when the initial expiration date is reached.
> $ gpg -k 56405CF6FCC81574682A5D561A698DE9E2E56300
> pub rsa4096 2020-02-27 [SC] [expires: 2024-03-02]
> 56405CF6FCC81574682A5D561A698DE9E2E56300
> uid [ultimate] Cygwin <cygwin@cygwin.com>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: setup-x86_64.exe gpg signing key expired?
2022-09-02 22:25 ` Jon Turney
@ 2022-09-02 22:45 ` Jim Garrison
0 siblings, 0 replies; 3+ messages in thread
From: Jim Garrison @ 2022-09-02 22:45 UTC (permalink / raw)
To: cygwin
On 09/02/22 15:25, Jon Turney wrote:
> On 02/09/2022 22:47, Jim Garrison via Cygwin wrote:
>> It appears the key expired 2022-02-26, so I presume this is known. I
>> bring it up on the slim chance it hasn't been noticed or reported yet.
>
> Refetch the key from https://cygwin.com/key/pubring.asc or a keysever.
>
> We periodically extend the expiration date and re-issue the key.
>
> This avoids using a key without an expiration date, whilst also avoiding
> unnecessary key rotations when the initial expiration date is reached.
>
>> $ gpg -k 56405CF6FCC81574682A5D561A698DE9E2E56300
>> pub rsa4096 2020-02-27 [SC] [expires: 2024-03-02]
>> 56405CF6FCC81574682A5D561A698DE9E2E56300
>> uid [ultimate] Cygwin <cygwin@cygwin.com>
>>
>
Got it, thanks.
--
Jim Garrison
jhg@acm.org
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-09-02 22:45 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-02 21:47 setup-x86_64.exe gpg signing key expired? Jim Garrison
2022-09-02 22:25 ` Jon Turney
2022-09-02 22:45 ` Jim Garrison
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).