I downloaded openvpn-2.4.6.tar.gz and the associated GnuPG signature,
but the signing key seems to have expired before it was signed:
$gpg2 -v --verify openvpn-2.4.6.tar.gz.asc
gpg: assuming signed data in '/***/openvpn-2.4.6.tar.gz'
gpg: Signature made Tue Apr 24 03:14:52 2018 EDT
gpg: using RSA key D518B9BD643CF94DA5ED9970F132B1CBAF131CAE
gpg: Note: signature key D72AF3448CC2B034 expired Tue Mar 6 07:17:50 2018 EST
gpg: using subkey F132B1CBAF131CAE instead of primary key 12F5F7B42F2B01E7
gpg: Note: signature key D72AF3448CC2B034 expired Tue Mar 6 07:17:50 2018 EST
gpg: using pgp trust model
gpg: Good signature from "OpenVPN - Security Mailing List
<secur...@openvpn.net>" [unknown]
gpg: Note: signature key D72AF3448CC2B034 expired Tue Mar 6 07:17:50 2018 EST
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F554 A368 7412 CFFE BDEF E0A3 12F5 F7B4 2F2B 01E7
Subkey fingerprint: D518 B9BD 643C F94D A5ED 9970 F132 B1CB AF13 1CAE
gpg: binary signature, digest algorithm SHA256, key algorithm rsa4096
Any ideas?
Thanks in advance,
Jon Bullard
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
