Recently users have had trouble verifying tzdb releases because they could not obtain the GPG public key that I use to sign the releases. These problems stem from the denial-of-service attacks on public keyservers last year, combined with my extending the expiration of my longstanding public key, which had been due to expire in August. The expiration-date extension had problems propagating to public keyservers that use the traditional method of key distribution. To try to help ameliorate this problem I recently did two things. First, I uploaded my public key to the development repository on GitHub. You can now use <https://github.com/eggert/tz/tags> to verify every tzdb release starting with 2012e. (Older releases are not tagged, as discussed in the 2013f NEWS entry.) Second, at my suggestion the UCLA Computer Science Department has added WKD support to cs.ucla.edu, and you can now verify my key independently via WKD. See an example below for how to do this. In the longer term, the IANA have been working on a way to have IANA authorities sign distributions, and eventually we hope to have something implemented along those lines. Thanks to Phil Pennock for his suggestions and help in improving the process of verifying tzdb distributions. PS. For more about last year's denial-of-service attacks and the use of WKD instead of traditional public keyservers, please see: Osborne C. PGP SKS key network poisoned by unknown hackers. ZDNet. 2019-07-04. https://www.zdnet.com/article/openpgp-flooded-with-spam-by-unknown-hackers/ Koch W. OpenPGP Web Key Directory. Active Internet-Draft. 2020-05-26. https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/ What is a Web Key Directory? GnuPG e.V. 2020-07-06. https://wiki.gnupg.org/WKD PPS. Here is one way to verify a key via WKD, using the 'gpg' shell command. You'll need a recent-enough GnuPG: version 2.1.23 (2017-08-23) or later should suffice. $ gpg --auto-key-locate wkd --locate-keys eggert@cs.ucla.edu gpg: key ED97E90E62AA7E34: public key "Paul Eggert <eggert@cs.ucla.edu>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys found pub rsa4096 2010-09-03 [SC] [expires: 2021-08-31] 7E3792A9D8ACF7D633BC1588ED97E90E62AA7E34 uid [ unknown] Paul Eggert <eggert@cs.ucla.edu> sub rsa4096 2010-09-03 [E] [expires: 2021-08-31]