tip: If you install the newly released Gitea 1.16.9 and get the following error message when verifying the signature of the binary:

gpg: Note: This key has expired!

It does not necessarily mean that it was compromised. The cryptographic key used to sign releases expired a few weeks ago and was not renewed yet.

If you run a highly sensitive Gitea instance (I know of at least two), you may want to wait until a new signature is issued.



Authored by @dachary

· · Web · 0 · 1 · 0
Sign in to participate in the conversation

A newer server operated by the Mastodon gGmbH non-profit