On Sun, Apr 3, 2022 at 11:22 AM Julian Foad <jul...@foad.me.uk> wrote:
>
> > I'm in the middle of the
> > process of testing, however I have some trouble with the gpg keys [...]
>
> Me too. It appears I need to update my configured keyserver. Then maybe fetch
> keys and then maybe the checking will work. That's based on, so far, finding
> that checking existing keys fails due to unreachable key server, and then
> reading
> <https://unix.stackexchange.com/questions/656205/sks-keyservers-gone-what-to-use-instead>

I am curious what you are doing ... simply because PGP has always been
a mystery to me. When I used to sign releases I recall that all I did
was take the option to verify the signature was valid. Maybe that was
gpg --verify? I never had a web of trust so that was all I could do
and I do not recall if we even had a KEYS file back then as this was
mostly before the move to ASF.

Here is the other info I can share that may be relevant:

1. The KEYS file is from the script that was shared.

2. I had to create a new GPG key. I noticed it gave me one of the
newer elliptic curve keys. Maybe not all versions of OpenPGP can
handle these?

3. I uploaded it to the MIT keyserver as per something I read in the
ASF committer docs ... Actually looking at history I did this:

gpg --send-key EC25FCC105618D04ADB43429C4416167349A3BCB

4. I updated my fingerprint in ASF LDAP

Since I just created this key a couple weeks ago if it is better that
I generate a new key, re-sign the release and upload new signatures
just let me know what to do.

Also:

gpg --version
gpg (GnuPG) 2.3.4
libgcrypt 1.10.0
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/markphip/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

and

gpg --list-keys
/Users/markphip/.gnupg/pubring.kbx
----------------------------------
pub   ed25519 2022-03-21 [SC]
      EC25FCC105618D04ADB43429C4416167349A3BCB
uid           [ultimate] Mark Phippard <markp...@apache.org>

Mark