[syslinux] GPG Key

H. Peter Anvin hpa at zytor.com
Tue Feb 14 11:46:05 PST 2017

On 01/26/17 18:00, Gene Cumm via Syslinux wrote:
> On Thu, Jan 26, 2017 at 4:27 PM, Geert Stappers via Syslinux
> <syslinux at zytor.com> wrote:
>> On Thu, Jan 26, 2017 at 01:25:34PM +0000, Richard Melville via Syslinux wrote:
>>> I just downloaded syslinux-6.03 and found
>>> that the GPG key has expired.
>>> If this has been mentioned on this list before I apologise;
>>> I have only just joined the list.
>> Thanks for reporting.
>> Thanks for the first reporting about the expired GPG key.
> To be specific, RSA key ID 58F7ABFE expired 2016-12-05 shown on
> http://pgp.mit.edu/pks/lookup?op=vindex&search=0x88AE647D58F7ABFE

As this is often misunderstood: an expired key is still valid to verify
old signatures.  It is not valid to make new signatures.

A *revoked* key is not valid even for old signatures.


More information about the Syslinux mailing list