Problem again with new GPG key during update / upgrade!

Every few years (usually at release change) the GPG key is changed and you have to announce it again under Debian-based operating systems.
My biggest problem: I have not found an external source where the new GPG keys are confirmed, e.g. with signatures.
Was the old key revoked at the same time?

Normally the GPG keys should be verified to prevent hackers from distributing manipulated software with fake keys.
At least the INSTALL.sh script does not do this.
https://download.owncloud.com/desktop/ownCloud/stable/latest/linux/Debian_11/

Is there a source for the key signatures somewhere outside the download server where only ownCloud developers have access? e.g. on the homepage https://owncloud.com/

Will be added…

ownCloud team uploads to external key servers with every release, but this doesn’t seem to solve the problem.
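
The check the first post asks for, as an added example that is not part of this thread or of ownCloud's own script: before trusting a downloaded repository key, compare its full fingerprint with one obtained from a channel other than the download server. The function names and the sample listing are constructed for illustration; the only external command assumed is `gpg --show-keys --with-colons`.

```shell
#!/bin/sh
# Added example: pin a repository signing key to an out-of-band fingerprint.

# Constructed sample of `gpg --show-keys --with-colons` output (not a real key).
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1600000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1600000000::X::Constructed Repo Key <repo@example.invalid>::::::::::0:
sub:-:4096:1:1111111111111111:1600000000::::::e::::::23:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'

# Read a colon-format listing on stdin and print the primary-key fingerprint.
# Fails unless the listing holds exactly one primary key ("pub" record), so a
# key file that bundles an additional key is rejected.
primary_fpr() {
    awk -F: '
        $1 == "pub" { pubs++; want = 1; next }
        $1 == "fpr" && want { fpr = $10; want = 0 }
        END { if (pubs != 1 || fpr == "") exit 1; print fpr }
    '
}

# Strip spaces and colons and upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Succeed only if $1 equals the expected fingerprint $2. The expected value
# must be a full 40-hex-digit fingerprint; short key IDs are refused.
fpr_matches() {
    got=$(normalize_fpr "$1")
    want=$(normalize_fpr "$2")
    case "$want" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#want}" -eq 40 ] && [ "$got" = "$want" ]
}

# verify_key_file <key file> <expected fingerprint from a second channel>
# Inspects the file without importing it into any keyring.
verify_key_file() {
    listing=$(gpg --show-keys --with-colons "$1" 2>/dev/null) || return 1
    actual=$(printf '%s\n' "$listing" | primary_fpr) || return 1
    fpr_matches "$actual" "$2"
}
```

Only when `verify_key_file` succeeds should the key be placed in the APT keyring; the expected fingerprint has to come from somewhere the download server's operator cannot rewrite.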
