Re: [bug-gnu-libiconv] libiconv signing key

bug-gnu-libiconv

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-gnu-libiconv] libiconv signing key

From:	George Rawlinson
Subject:	Re: [bug-gnu-libiconv] libiconv signing key
Date:	Sun, 1 Nov 2020 12:09:02 +1300

On 20-10-31 19:54, Bruno Haible wrote:

[CCing the mailing list]

Hello,

George Rawlinson wrote:

The key used to sign libiconv (version 1.16) has expired.

I believe it is this key: 68D94D8AAEEAD48AE7DC5B904F494A942E4616C2.


Thanks for reporting this, but:

A key expiry is something else than a key revocation.

Keys eventually expire, yet signatures previously made with them remain
valid pieces of information. As long as the signature was made before
the key expired (which you can infer by looking at the timestamp of
the file on ftp.gnu.org - even if you don't trust the date in the signature
itself), you can trust the signature.

Bruno


Thanks Bruno,

Appreciate the explanation.

--
George Rawlinson
PGP: 25EA6900D9EA5EBC

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [bug-gnu-libiconv] libiconv signing key, Bruno Haible, 2020/10/31
- Re: [bug-gnu-libiconv] libiconv signing key, George Rawlinson <=

Prev by Date: Re: [bug-gnu-libiconv] libiconv signing key
Previous by thread: Re: [bug-gnu-libiconv] libiconv signing key
Index(es):
- Date
- Thread