Can not find GPG key ID: DCA40B7128DA62A8 on any pgp key server

ElementsProject / lightning

Core Lightning — Lightning Network implementation focusing on spec compliance and performance

Other

2.86k stars 906 forks source link

Can not find GPG key ID: DCA40B7128DA62A8 on any pgp key server #7743

Closed overcoin closed 4 weeks ago

overcoin commented 1 month ago

v24.08 is signed by ShahanaFarooqui. This tag was signed with the committer’s verified signature but I can not find GPG key ID: DCA40B7128DA62A8 on any pgp key server.

cdecker commented 4 weeks ago

All Keys used for signatures by maintainers are stored here: https://github.com/ElementsProject/lightning/tree/master/contrib/keys

overcoin commented 4 weeks ago

There are 6 keys stored there. The key mentioned above is the only one that can not be found on public pgp servers. Decentralized architecture of key servers provide a more frictionless way to help secure communications and files we download. To rely only on the goodwill of the owner of github.com is not very far-sighted.

ShahanaFarooqui commented 1 week ago

@overcoin, my release and tag signing keys are already available in contrib/keys/sfarooqui.txt.

The latest release has been signed with a new key, A327573C97589BF5, which is already available on several key servers. I just uploaded my tag signing key, DCA40B7128DA62A8, to keyserver.ubuntu.com, pgp.mit.edu, and hkps://keys.openpgp.org.