v4.29 public gpg key missing @ keyserver
pgnd opened this issue · comments
@rurban for new 4.29 release, no public key's available at keyserver
possibly keyserver propagation probs, but just in case,
cd Cpanel-JSON-XS-4.29
cpansign -v
Executing gpg --verify --batch --no-tty --keyserver=hkp://keys.gnupg.net:11371 /tmp/RozmAdlfcV
gpg: Signature made Fri 27 May 2022 11:31:53 AM EDT
gpg: using RSA key 2895A881D34270FABFE8F747B4F63339E65D6414
gpg: requesting key 0xB4F63339E65D6414 from hkp://keys.gnupg.net:11371
gpg: Can't check signature: No public key
==> Signature verified OK! <==
and, changing key server,
cpansign -v
Executing gpg --verify --batch --no-tty --keyserver=hkp://keys.openpgp.org:443 --keyserver-options=auto-key-retrieve /tmp/7l2ZlB_vJs
gpg: Signature made Fri 27 May 2022 11:31:53 AM EDT
gpg: using RSA key 2895A881D34270FABFE8F747B4F63339E65D6414
gpg: requesting key 0xB4F63339E65D6414 from hkp://keys.openpgp.org:443
gpg: Can't check signature: No public key
==> BAD/TAMPERED signature detected! <==
yup. depends where you look :-/
cpansign -v
Executing gpg --verify --batch --no-tty --keyserver=hkp://keyserver.ubuntu.com:443 --keyserver-options=auto-key-retrieve /tmp/heayy2R76L
gpg: Signature made Fri 27 May 2022 11:31:53 AM EDT
gpg: using RSA key 2895A881D34270FABFE8F747B4F63339E65D6414
gpg: Good signature from "Reini Urban <reini.urban@gmail.com>" [expired]
gpg: aka "Reini Urban <rurban@cpan.org>" [expired]
gpg: aka "[jpeg image of size 7578]" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 2895 A881 D342 70FA BFE8 F747 B4F6 3339 E65D 6414
==> Signature verified OK! <==
ll previous keyserver went offline when I proudced my new subkey, so I disabled them.
Now some of them went back online, I submitted it to some of them now.
pgp.surf.nl (via keys.gnupg.net), keyserver.ubuntu.com