Josh Strobl Public Key for Budgie 4.00 ISO Has Expired

downhill

I attempted to verify the checksum file a few minutes ago for the Budgie 4.00 ISO and Josh's public key expired on 05/04/2019. Perhaps the same issue (?) for the other ISOs.

JoshStrobl

downhill Odd, I exported the newer GPG key and uploaded it, even was trying to be diligent by renewing and uploading to the same keyserver a few weeks ago. I'll double-check once I get to my desktop and re-sign the ISOs as well. Thanks for bringing it to my attention.

Harvey

In the meantime to alleviate any fear, I've had the iso's on my drive since launch (I was a early seed):

sha256sum Solus-4.0-whateveredition.iso and compare hashes:
e67c3b7644c97937a0b681883e519a78ea4f62b304d236b28f06536ba1dcdbd6 Solus-4.0-Budgie.iso
bd146cccf91269aa9b14a0bd2ba0c1f297ef1615a569782c5d343f716b6c2f87 Solus-4.0-GNOME.iso
84ad3114a6581dab8eff6399c3f78e677042ad1cf5cd2f462825a2c596f7d5be Solus-4.0-MATE.iso
efb9c380e088e2e9ff723009e8bbe2f411ba369153c308fc81f03c1b96aece49 Solus-Plasma-Testing.iso

JoshStrobl

Should be resolved now. I'd appreciate if you could import the renewed public key from the download page and validate it against the existing .sign and .sha256sum files. They should be OK without me re-signing them but I'll happily do so if it happens I'm not correct.

Still reports for me as a valid signature:

gpg: Signature made Sun 17 Mar 2019 10:03:03 PM EET
gpg:                using RSA key 96B4A0291094A86A2B7E3367DD672FE9A2BE5892
gpg: Good signature from "Joshua Strobl (Personal) <joshua@stroblindustries.com>" [ultimate]

downhill

JoshStrobl Will do, but only for the Budgie ISO. Update: They're good for Budgie.