Closed RyanHoldren closed 2 years ago
Thanks for flagging this. I was a bit surprised, because I thought I'd uploaded the key and that OSSRH needed to be able to access the key in order to validate the release. In any case, I uploaded the key to keys.openpgp.org (again?) just now, and verified that https://keys.openpgp.org/search?q=AC7A514BC9F9BB70 returns a meaningful result.
What version of OpenCensus are you using?
0.31.0
What JVM are you using (
java -version
)?It's not really applicable, but we are using...
What did you do?
We are using dependency verification in Gradle and we ran into an issue. Gradle cannot find your public key on any of the default key servers.
I am looking at the signature of the POM file via
gpg -vv
and it references a key with an id ofAC7A514BC9F9BB70
.What did you expect to see?
I see that your documentation for releasing instructs maintainers to publish their public key, but I manually checked all the common key servers and none of them have
AC7A514BC9F9BB70
.It should have been published on at least one (ideally all) of Gradle's default key servers and ideally on your website as well.
In the meantime, it is easy to workaround this issue in Gradle by explicitly ignoring the key.