[
https://issues.apache.org/jira/browse/SOLR-16196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17538728#comment-17538728
]
Jan Høydahl commented on SOLR-16196:
------------------------------------
Thanks for this. As an aside, I had forgotten to update my GPG key in Sol's
KEYS file, so the one there exprired in 2019. Even so, the 9.0 release was
completed, including dockerfile. So probably we used public key servers
everywhere to pull my RM key based on key id.
So a side effect of this issue is that we'll get at least one validation in the
release process that the RM's key in KEYS file is up to date and valid..?
I have since pushed a commit to KEYS file with my current gpg key.
> Use the Solr KEYS file for the official Dockerfile
> --------------------------------------------------
>
> Key: SOLR-16196
> URL: https://issues.apache.org/jira/browse/SOLR-16196
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Docker
> Affects Versions: 9.0
> Reporter: Houston Putman
> Assignee: Houston Putman
> Priority: Major
> Fix For: 9.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Currently the official Dockerfile uses public GPG key servers to verify the
> release artifacts. We can instead use the solr keys file:
> https://downloads.apache.org/solr/KEYS
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
