-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't find release gpg key #458
Comments
Hey @mdbooth, you can find the key on keys.openpgp.org: |
Thanks! It would be good to see it posted somewhere canonical. Not 100% sure what the best practise is, but maybe:
|
This issue has been marked as stale because it has not had recent activity. The bot will close the issue if no further action occurs. |
This issue has been marked as stale because it has not had recent activity. The bot will close the issue if no further action occurs. |
Quick info: GPG can't verify the checksum file anymore. Tested with release
|
Should be fixed in 1.38.3 |
@apricote would you and the team be open to a patch that allows signing our artifacts using cosign? I think this way we will avoid having problems with importing GPG keys. |
I see
checksums.txt
has a detached signature in the release artifacts, which is great. However, I can't find the key anywhere to verify it. Is it published somewhere?Possibly related to #120 and #209.
Could the key be posted somewhere obvious? Apologies if it is and I've just missed it!
The text was updated successfully, but these errors were encountered: