Alert to Kali Linux admins: Get the new signing key or no distro updates for you

Posted on by

This isn’t the first time Kali has had a signing key problem, noted Robert Beggs, head of Canadian penetration testing and incident response provider DigitalDefence. In 2018, a key was allowed to expire.

 “It’s a minor blip,” he said in an interview, “that’s easy to overcome” by typing in a line of code, as detailed in the Kali blog.

Loss of signing keys is “very uncommon” among application vendors, he said, “because this is an enterprise level project where someone should be managing a group of people together. The fact that it happened twice [at Kali] suggests they just don’t have central management. It [loss of the key] doesn’t make the product worse, doesn’t denigrate the excellent work they’re putting in. It just says that the central management piece is absent.”