On Sun, Apr 3, 2022 at 2:43 PM Daniel Sahlberg <daniel.l.sahlb...@gmail.com> wrote: > > Den sön 3 apr. 2022 kl 19:55 skrev Mark Phippard <markp...@gmail.com>: >> >> On Sun, Apr 3, 2022 at 1:40 PM Daniel Sahlberg >> <daniel.l.sahlb...@gmail.com> wrote: >> >> > It seems to be a problem mostly related to my key. I can't get the >> > committer signature list [1] to include my key (and thus the script >> > doesn't download it to the KEYS file). >> >> FWIW, I think you can sign the release even if you are not in KEYS. We >> can also add you manually. >> >> Could it be as simple as your fingerprint in Apache LDAP needs the spaces? > > > I can't find the reference again but there were stated somewhere that spaces > within the string was not required. For example danielsh has a fingerprint > without spaces. > >> >> I see dsahlberg 4FFCB55C0D0D9343CFB4611F28DB47329CFFDC63 - key not found >> >> And most of the other people (but not all) have spaces in their fingerprint. >> >> FWIW, I could manually import your key using the server you indicated >> but not the MIT server. >> >> $ gpg --keyserver pgp.mit.edu --recv-key >> 4FFCB55C0D0D9343CFB4611F28DB47329CFFDC63 >> gpg: keyserver receive failed: No data >> $ gpg --keyserver keys.openpgp.org --recv-key >> 4FFCB55C0D0D9343CFB4611F28DB47329CFFDC63 >> gpg: key 28DB47329CFFDC63: public key "Daniel Sahlberg >> <dsahlb...@apache.org>" imported >> gpg: Total number processed: 1 >> gpg: imported: 1 >> >> I am not sure how the ASF fetches the key. Maybe you need to upload it >> somewhere else? > > > Infra explicitly recommends using keys.openpgp.org [1]. > >> >> If it gets worked out I can update the KEYS file. >> >> Mark > > > Thanks for your help in resolving this issue. Let's see if there is any > change tonight when the list is updated again.
Yeah, we have some time to try to find a solution. That said, you do not need to hesitate on signing the release ... if it meets your criteria. This KEYS stuff does not have to work for you to sign the release. Just add your signature to the .asc file and you can export and email your public key ... or just add it to the subversion.keys file yourself. It would be nice if it were on the Apache list and keyserver but it does not need to block us. Mark
