Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GPG key verification failure #56690

Open
loozhengyuan opened this issue Jan 22, 2025 · 1 comment
Open

GPG key verification failure #56690

loozhengyuan opened this issue Jan 22, 2025 · 1 comment

Comments

@loozhengyuan
Copy link

loozhengyuan commented Jan 22, 2025
edited
Loading

Issue

Earlier today, some of our Node.js install scripts stopped working because a portion of the listed keys on nodejs/release-keys are no longer available on keys.openpgp.org.

$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 # James M Snell
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys A48C2BEE680E841632CD4E44F07496B3EB3C1762 # Ruben Bridgewater
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 1C050899334244A8AF75E53792EF661D867B9DFA # Danielle Adams
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B # Chris Dickinson
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 77984A986EBC2AA786BC0F66B01FBB92821C587A # Gibson Fahnestock
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 93C7E9E91B49E432C2F75674B0A78B0A6C481CF6 # Isaac Z. Schlueter
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 56730D5401028683275BD23C23EFEFE93C4CFFFE # Italo A. Casas
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E # Jeremiah Senkpiel
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 114F43EE0176B71C7BC219DD50A3051F888C628D # Julien Gilli
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 7937DFD2AB06298B2293C3187D33FF9D0246406D # Timothy J Fontaine
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 61FC681DFB92A079F1685E77973F295594EC4689 # Juan José Arboleda
gpg: keyserver receive failed: No data

We fetch all keys from nodejs/release-keys and has been doing so successfully until today.

Most of these are keys that are also signing keys for older releases. At least some of these keys (I didn't check all) are still available on keyserver.ubuntu.com.

Question

  1. Were these keys removed from keys.openpgp.org?
  2. The signing keys listed on nodejs/release-keys and nodejs/node are not consistent with one another. Which set should we be using?
@marco-ippolito
Copy link
Member

cc @nodejs/releasers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@loozhengyuan @marco-ippolito