Current release channel linux build is not signed with the advertised signing key

The current release build brave-browser-1.10.93-1.x86_64.rpm is signed key id 82d3dc6c, which does not match either of the public key fingerprints on or on the linux installation page. Those fingerprints are c2d4e821 (brave-core) and 6a8a26f9 (brave-core-nightly) respectively.

Searching through community posts I see this isn’t the first time the signing key has changed. Do you guys not have some consistent process for publishing the new public keys when they change? Because I can’t find it.

Update: I see that there is a brave-keyring rpm in the same repository. It doesn’t contain the public key the package was signed with itself either!

That happend to me in Ubuntu Linux x64. My problem was produced because during the upgrade to ubuntu 20.04. To solve it, I remove the old repository, re-add the repository and key again. Then, when I did the ‘apt-get update && apt-get upgrade’, everything was perfect.

I wasn’t talking about the Ubuntu repository. The ubuntu package isn’t even signed. The ubuntu repository is signed (and it appears to be signed with the correct key), but not the individual packages. That’s typical. But RPMs are all individually signed and the current one is not signed with the correct key.

Please don’t make my report confusing by adding irrelevant details. I was very specific about which package was mis-signed.

sure. you’re welcome.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.