| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As explained in 50e6f6e (update Junio's GPG key (with extended
expiration), 2021-01-27) in the git package¹, the key used to sign git
releases expired in July 2020. While this doesn't strictly affect us
because we use gpgv to verify the releases against a known key file, it
is worth updating to make it clear that we're using the correct signing
key.
Here is a diff of the key file before and after the update:
$ diff -u <(gpg gpgkey-96E07AF25771955980DAD10020D04E5A713660A7.asc~ 2>/dev/null) \
<(gpg gpgkey-96E07AF25771955980DAD10020D04E5A713660A7.asc 2>/dev/null)
--- /dev/fd/63 2021-06-05 15:40:47.398256869 -0400
+++ /dev/fd/62 2021-06-05 15:40:47.399256908 -0400
@@ -3,6 +3,6 @@
uid Junio C Hamano <gitster@pobox.com>
uid Junio C Hamano <junio@pobox.com>
uid Junio C Hamano <jch@google.com>
-sub rsa4096/B0B5E88696AFE6CB 2011-10-03 [S] [expired: 2020-07-26]
+sub rsa4096/B0B5E88696AFE6CB 2011-10-03 [S] [expires: 2028-01-11]
sub rsa4096/86B76D5D833262C4 2011-10-01 [E]
-sub rsa4096/7594EEC7B3F7CAC9 2014-09-20 [S] [expired: 2020-07-26]
+sub rsa4096/7594EEC7B3F7CAC9 2014-09-20 [S] [expires: 2028-01-11]
A thread on the git list is where the question was raised and Junio
confirmed he'd extended the expiration of his signing key².
¹ https://src.fedoraproject.org/rpms/git/c/50e6f6e
² https://lore.kernel.org/git/B6DFB74D-A722-4DBD-A4B2-562604B21CCB@alchemists.io/T/#u
|
