search

ProtonMail / proton-bridge

Proton Mail Bridge application
GNU General Public License v3.0
1.18k stars 159 forks source link

GPG verify of 3.10.0 deb warns that signing key has expired #466

Closed zwets closed 2 months ago

zwets commented 8 months ago

Verifying the 3.10.0 deb gives:

$ gpg --verify protonmail-bridge_3.10.0-1_amd64.deb.sig 
gpg: assuming signed data in 'protonmail-bridge_3.10.0-1_amd64.deb'
gpg: Signature made Wed 06 Mar 2024 13:59:07 EAT
gpg:                using RSA key D51E64D3E63EDC3EEF7864CEE2C75D68E6234B07
gpg: Good signature from "Proton Technologies AG (ProtonMail Bridge developers) <bridge@protonmail.ch>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: D51E 64D3 E63E DC3E EF78  64CE E2C7 5D68 E623 4B07

It appears the signature is good, but the signing key has expired.

This may be a matter of updating your public key in my GPG keyring, but I can't seem to find where to get it from - and TBH don't recall how I got it in the first place :smirk:

zwets commented 2 months ago

This issue has been resolved, and the renewed public key is now available in the repository.