GPG Public key on Github is expired since 2017. What kind of security is this?


#1

Ive been trying to look for the gpg release key so that i can verify the files downloaded. But the one listed in Github is expired since 2017.

I am extremely shocked the fact that no one else has even asked about this and that this key has not even been updated since 2017
pub rsa2048 2015-02-03 [SC] [expired: 2017-02-11]
1A83A9A76A516EE3FD7054F5F33BAE29011D6ABC
uid [ expired] Tribler release key

The only issue i found related to this is https://github.com/Tribler/tribler/issues/2257

Still i dont understand why something that is of major priority has been neglected like this. Unless im too blind to find it? (and why must i go searching for it on https://pgp.mit.edu ??) Please update your release key on Github and on your site.


#2

Thanks for reporting! We will track this issue on GitHub