Hi, I recently downloaded openssh-8.9pl.tar.gz, openssh-8.9pl.tar.gz, and DJM-GPG-KEY.asc. I discovered that DJM-GPG-KEY.asc file does not contain the proper public key that was used to sign this distribution of OpenSSH, and after further digging I think that particular key may have been revoked. I downloaded the appropriate public key from pgp.mit.edu and was then able to confirm a valid signature. I thought you might like to know this in order to place the proper public signature file with the distros. Regards, Jeff _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
