[syslinux] GPG Key
H. Peter Anvin
hpa at zytor.com
Tue Feb 14 11:46:05 PST 2017
On 01/26/17 18:00, Gene Cumm via Syslinux wrote:
> On Thu, Jan 26, 2017 at 4:27 PM, Geert Stappers via Syslinux
> <syslinux at zytor.com> wrote:
>> On Thu, Jan 26, 2017 at 01:25:34PM +0000, Richard Melville via Syslinux wrote:
>>> I just downloaded syslinux-6.03 and found
>>> that the GPG key has expired.
>>> If this has been mentioned on this list before I apologise;
>>> I have only just joined the list.
>>
>> Thanks for reporting.
>> Thanks for the first reporting about the expired GPG key.
>
> To be specific, RSA key ID 58F7ABFE expired 2016-12-05 shown on
> http://pgp.mit.edu/pks/lookup?op=vindex&search=0x88AE647D58F7ABFE
>
As this is often misunderstood: an expired key is still valid to verify
old signatures. It is not valid to make new signatures.
A *revoked* key is not valid even for old signatures.
-hpa
More information about the Syslinux
mailing list