Debian repository no longer signed

[pichi]

$ sudo apt-get update
...
E: The repository 'http://dl.bintray.com/rabbitmq/debian bionic Release' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
$ sudo apt-key list
...
pub   rsa4096 2016-05-17 [SC]
      0A9A F211 5F46 87BD 2980  3A20 6B73 A36E 6026 DFCA
uid           [ unknown] RabbitMQ Release Signing Key <info@rabbitmq.com>
sub   rsa4096 2016-05-17 [E]
...

It stopped to work today. I have checked https://www.rabbitmq.com/install-debian.html if there is some key update but seen https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc which I have downloaded to realize it is same what I already have.

[michaelklishin]

Duplicate of #1996.

[michaelklishin]

Bintray reindexes Debian repositories every time a version is released, a package added or removed (we removed Erlang packages from the main org today). This involves a window of unavailability of the Debian repository on Bintray that Team RabbitMQ has no control over or visibility into. It takes up to 30 minutes most likely because we have a lot of packages published for about 10 distributions and dozens of versions in the archive. Our guess is that all of them are reindexed in bulk.

Please contact JFrog support to voice your concerns or use repositories on PackageCloud.

[michaelklishin]

We have republished 3.7.14 Debian package from Concourse to retrigger reindexing once again. It seems to be in progress but we have no visibility and cannot offer any kind of ETA :(

[michaelklishin]

Reindexing seems to have finished:

curl https://dl.bintray.com/rabbitmq/debian/dists/bionic/Release.gpg
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.53

iQIcBAABCAAGBQJcyIZVAAoJEGtzo25gJt/KI4YP/iziULkPsl/F+Ti8ux4w54EK
SaLJiOAYpSSb/33UYuynzW9Cjl77iplW9e/q7sd0RIHKfPXDIHSBOHgBE29+bXe8
MVETSXpFWlWEvuxh02Zcqj3Y7GDC+icUTQT4UuakoJ1RPxdZl2B9CCHdAXRgYEBF
NQ/rbt8p1onxQ7yzwri0A4u2ORE7lwVPvtpPrt474yp87I6jlYsV/Ptg52H3uYuH
AsCTMEHA9+8XiXaWyrmnj25ZVvz3gz/z1UG1ZoIF0PoIlrJlHpgWufKioDnv8WQV
SWohATzZN6XULPvkpDPnVbkypJiA50KTUXZRUFHXBZBdOTOfvZsNoeGjIVZKLdSz
2TBVL89ET5qhTzubLqSSJztwIf5HXrkSxjeiNXgFro53De1YAD2C2Fw7K9TAVp1j
KwYlPd4GgqsE/4ADQoJANKvWSHOPYq1OUiQacOk2ldWL6/MJI5LZsainYd99O4T8
Xb3Y/LOwXxQj2DVZi4YKqhRnrdEaOf/g7GI4WG6YmkK50Yp3QUiMSB8VvxW+WE/2
HloV+cPm05xXaxB7fYCMe7j4rCOz9MsY5ixnhjAcoF6pz+cDexe9MV1ksd0IwWaz
DQ0hpf9rZ0r+a67UxoIMFg13xw8g/sNh3qQ7Gv+r7fAjy5SDdGk1Wr9VIUNf2rZO
fd+GKGFXLnIrMb020OOQ
=4s0+
-----END PGP SIGNATURE-----