v7.3.14073 FAILS gpg signature verification

jonathancross commented 1 year ago

Bug title GPG signature is invalid for Checksums.txt

$ gpg --verify Checksums.txt.asc
gpg: assuming signed data in 'Checksums.txt'
gpg: Signature made Thu 11 May 2023 05:57:36 PM WEST
gpg:                using RSA key 0x9FEC539DB8E4EA8B
gpg: BAD signature from "Beam Privacy <security@beam.mw>" [unknown]

$ ls
Checksums.txt  Checksums.txt.asc

$ sha256sum Checksums.txt.asc Checksums.txt
560ca2ae1e49376e7732e2d737ea36825da9e8b93ca80a8d91dc89ea1087dc02  Checksums.txt.asc
5ed06728c525fce70d9cfe8a72cd38d0d0e030eb9cffd3a3934bff28521bd99d  Checksums.txt

$ gpg -k security@beam.mw
pub   rsa4096/0x997EAB9F3DF7F375 2019-01-17 [SC]
      Key fingerprint = A6C6 2C9F 5593 1860 AFF8  3BBB 997E AB9F 3DF7 F375
uid                   [ unknown] Beam Privacy <security@beam.mw>
sub   rsa2048/0x5AEFD34ADAB1AD33 2019-01-17 [E] [expires: 2027-01-15]
sub   rsa2048/0x9FEC539DB8E4EA8B 2019-01-17 [SA] [expires: 2027-01-15]

jonathancross commented 10 months ago

Ping @anatolse

jonathancross commented 5 months ago

Has this project has simply given up on signing releases!?

@Maxnflaxl ?

Maxnflaxl commented 5 months ago

No, of course not. Our certificate expired and we did not get a new one in time. I will try to find out what the hold-up is about renewing the certificate ^^

jonathancross commented 5 months ago

Note: this is about gpg signatures which were supported for a long time, but then stopped working and then silently disappeared a while back.

jonathancross commented 3 months ago

Wait, this makes no sense...

I asked:

Has this project has simply given up on signing releases!?

You responded:

No, of course not.

Then you closed as "not planned"?

Maxnflaxl commented 3 months ago

It's an old version, makes no sense to find out what was wrong there. Future releases will be signed.

BeamMW / beam

v7.3.14073 FAILS gpg signature verification #1948