You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The release should be signed with the offered signing key.
Actual behaviour
The release was signed with a new key, that has not been published on the website.
$ gpg --verify nextcloud-19.0.3.tar.bz2.asc
gpg: assuming signed data in 'nextcloud-19.0.3.tar.bz2'
gpg: Signature made Wed Sep 9 13:45:51 2020 CEST
gpg: using RSA key A438DC095967A1F11601CC42B69CB7F1069B3399
gpg: Can't check signature: No public key
The text was updated successfully, but these errors were encountered:
The download website at https://nextcloud.com/install/#instructions-server references the signature key at https://nextcloud.com/nextcloud.asc. The fingerprint for this key is:
2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A
and all releases except 19.0.3 have been signed with this key. However, the tarball https://download.nextcloud.com/server/releases/nextcloud-19.0.3.tar.bz2 and the respective detached signature from https://download.nextcloud.com/server/releases/nextcloud-19.0.3.tar.bz2.asc have been signed withA438DC095967A1F11601CC42B69CB7F1069B3399
.Steps to reproduce
gpg --verify nextcloud-19.0.3.tar.bz2.asc
Expected behaviour
The release should be signed with the offered signing key.
Actual behaviour
The release was signed with a new key, that has not been published on the website.
The text was updated successfully, but these errors were encountered: