Major
Hi Infra,
After creating a new release and uploading it to maven central, I can't "close" it this morning. This is because it can't find my public key to verify the signatures on the artifacts:
failureMessage No public key: Key with id: (67bf80b10ad53983) was not able to be located on http://gpg-keyserver.de/. Upload your public key and try the operation again.
failureMessage No public key: Key with id: (67bf80b10ad53983) was not able to be located on http://pool.sks-keyservers.net:11371. Upload your public key and try the operation again.
failureMessage No public key: Key with id: (67bf80b10ad53983) was not able to be located on http://pgp.mit.edu:11371. Upload your public key and try the operation again.
However I think the process we are using here is flawed:
a) http://gpg-keyserver.de/ does not resolve
b) When you search on "http://pool.sks-keyservers.net:11371" (e.g. https://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x67BF80B10AD53983) you get an SSL error:
pool.sks-keyservers.net:11371 uses an invalid security certificate. The certificate is only valid for pgpkeys.urown.net
c) The MIT site is currently giving a 503: http://pgp.mit.edu:11371/pks/lookup?search=Colm&op=index
Maybe the MIT will be back up by the time someone checks this JIRA - but the process is flawed, as (a) and (b) appear to be broken - so we are always relying on one site to be up.
*edit* I was able to close the release later on. I think my point still stands though about the lack of redundancy. Feel free to close this JIRA if you disagree.
After creating a new release and uploading it to maven central, I can't "close" it this morning. This is because it can't find my public key to verify the signatures on the artifacts:
failureMessage No public key: Key with id: (67bf80b10ad53983) was not able to be located on http://gpg-keyserver.de/. Upload your public key and try the operation again.
failureMessage No public key: Key with id: (67bf80b10ad53983) was not able to be located on http://pool.sks-keyservers.net:11371. Upload your public key and try the operation again.
failureMessage No public key: Key with id: (67bf80b10ad53983) was not able to be located on http://pgp.mit.edu:11371. Upload your public key and try the operation again.
However I think the process we are using here is flawed:
a) http://gpg-keyserver.de/ does not resolve
b) When you search on "http://pool.sks-keyservers.net:11371" (e.g. https://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x67BF80B10AD53983) you get an SSL error:
pool.sks-keyservers.net:11371 uses an invalid security certificate. The certificate is only valid for pgpkeys.urown.net
c) The MIT site is currently giving a 503: http://pgp.mit.edu:11371/pks/lookup?search=Colm&op=index
Maybe the MIT will be back up by the time someone checks this JIRA - but the process is flawed, as (a) and (b) appear to be broken - so we are always relying on one site to be up.
*edit* I was able to close the release later on. I think my point still stands though about the lack of redundancy. Feel free to close this JIRA if you disagree.