Hi -
I'm attempting to verify my download of the installation .iso and while the signature is good, it looks like the PGP key itself expired a few days ago? Something to be worried about?
I'm attempting to verify my download of the installation .iso and while the signature is good, it looks like the PGP key itself expired a few days ago? Something to be worried about?
Code:
$ gpg --verify TrueNAS-SCALE-22.12.3.3.iso.gpg TrueNAS-SCALE-22.12.3.3.iso
gpg: Signature made Tue Jul 25 08:38:24 2023 EDT
gpg: using RSA key C8D62DEF767C1DB0DFF4E6EC358EAA9112CF7946
gpg: Good signature from "IX SecTeam <security-officer@ixsystems.com>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: C8D6 2DEF 767C 1DB0 DFF4 E6EC 358E AA91 12CF 7946
$ gpg --list-keys
~/.gnupg/pubring.kbx
--------------------------------
pub rsa4096 2019-10-15 [SC] [expired: 2023-09-08]
C8D62DEF767C1DB0DFF4E6EC358EAA9112CF7946
uid [ expired] IX SecTeam <security-officer@ixsystems.com>