23.05.0 stable release builds signed with wrong PGP key?

I'm getting "The page you are looking for is temporarily unavailable" on the main site at the moment, but unless I'm totally mistaken, the stable builds of 23.05.0 are signed with the "PGP key for unattended snapshot builds".

Furthermore, the page doesn't list any signing key for the 23.05 series, and was last modified in April. From past threads it seems like this isn't the first time that the page is lacking up-to-date keys. Given the security implications, shouldn't the pubkeys always be available at the time of announcement of a new release?

https://openwrt.org/guide-user/security/signatures

There is nowadays a combined buildbot instance for main/master, 23.05 and 22.03 images. Possibly the key signing logic just uses the default key for all those branches...

cc @hauke

1 Like