Closed jmroot closed 1 month ago
Hi @jmroot , thanks for pointing that out. We lost the previous key when my workstation was re-imaged. I've uploaded the new one to hkps://keys.openpgp.org.
@jan-wassenberg Thanks. It would also be good to either list the key fingerprint in the docs, or include a link like https://keys.openpgp.org/vks/v1/by-fingerprint/14D827B22124EB2FE748C3B6EE0F9065BCB8B678.
Unfortunately the new key is still not available on other servers, like pgp.mit.edu or keyserver.ubuntu.com (GnuPG default):
$ gpg --recv-keys EE0F9065BCB8B678
gpg: keyserver receive failed: No data
Please upload there as well as keys.openpgp.org does not synchronize. @jan-wassenberg
Unfortunately the new key is still not available on other servers, like pgp.mit.edu or keyserver.ubuntu.com (GnuPG default):
I've uploaded it to both now (everyone can)
Thank you :) Would you like to send a pull request to update https://github.com/google/highway/blob/master/g3doc/release_testing_process.md for the desired process? Maybe also add the link jmroot posted above?
@jan-wassenberg Still getting
$ gpg --verify highway-1.2.0.tar.gz.asc highway-1.2.0.tar.gz
gpg: Signature made Fri May 31 20:28:21 2024 CEST
gpg: using RSA key 14D827B22124EB2FE748C3B6EE0F9065BCB8B678
gpg: BAD signature from "Jan Wassenberg <janwas@google.com>" [unknown]
The usual key servers don't appear to have the key used to sign highway releases:
I also couldn't find anything in the documentation about where to obtain the key. Could that please be added?