DEB.SURY.ORG Updated the Signing Key (March 2019)

Posted on March 18, 2019 at 3:22 pm

On 18 March 2019 Ondřej announced that he changed the signing key:

https://www.patreon.com/posts/dpa-new-signing-25451165

I was informed that the current DPA signing key DF3D585DB8F0EB658690A554AC0E47584A7A714D was present on the server maintained by an other user of the repositories that got compromised. I do not believe that the users of the packages.sury.org repositories are at any risk because launching attack on the APT repositories using a compromised key would require also attacking other components in the path (HTTPS certificate and DNSSEC), but nevertheless, I have generated a new GPG key to sign the repositories with: 15058500A0235D97F5D10063B188E2B695BD4743.

To update the APT signing key do as follow:

rm -f /etc/apt/trusted.gpg.d/php.gpg
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
apt-get update

Receive updates via email

Other Posts

Updated Posts