-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not working release-key import #39114
Comments
Also reported at nodejs/docker-node#1500 |
Should we update our README with instructions to pool from ubuntu or openpgp as suggested here? |
Nowadays, https://keys.openpgp.org is the best keyserver to use (IMHO). As long as the Node.js release engineers don't verify their e-mail addresses I can think of only two suitable ways to fetch the public keys from https://keys.openpgp.org:
source: https://keys.openpgp.org/about/faq#older-gnupg
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 74F12602B6F1C4E913FAA37AD3A89613643B6201
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys A48C2BEE680E841632CD4E44F07496B3EB3C1762
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 108F52B48DB57BB0CC439B2997B01419BD92F80A
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys B9E2F5981AA6E0CD28160D9FF13993A75599653C
gpg --keyserver hkps://keys.openpgp.org --refresh-keys I am doing a
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/4ED778F539E3634C779C87C6D7062848A1AB005C | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/94AE36675C464D64BAFA68DD7434390BDBE9B9C5 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/74F12602B6F1C4E913FAA37AD3A89613643B6201 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/DD8F2338BAE7501E3DD5AC78C273792F7D83545D | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/A48C2BEE680E841632CD4E44F07496B3EB3C1762 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/108F52B48DB57BB0CC439B2997B01419BD92F80A | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/B9E2F5981AA6E0CD28160D9FF13993A75599653C | gpg --import 🤔 Four public keys are causing problems: curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/94AE36675C464D64BAFA68DD7434390BDBE9B9C5 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/A48C2BEE680E841632CD4E44F07496B3EB3C1762 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/B9E2F5981AA6E0CD28160D9FF13993A75599653C | gpg --import ... results in:
|
I think the release engineers should push their public keys to https://keys.openpgp.org/ and verify their e-mail addresses. Alternatively, the Node.js project could host their own keyserver like the people from the Gentoo Linux project: |
Fixed in #39227 |
What steps will reproduce the bug?
How often does it reproduce? Is there a required condition?
What is the expected behavior?
What do you see instead?
Additional information
The text was updated successfully, but these errors were encountered: