[π Feature]: Publish updated key used to sign artifacts published to CentralΒ #15502
Description
Feature and motivation
I've sent following as e-mail previously (21 Jun 2024) but got no response:
Hello Titus
I'm seeing this discrepancy:
$ gpg org/seleniumhq/selenium/selenium-api/4.22.0/selenium-api-4.22.0.jar.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: assuming signed data in
'org/seleniumhq/selenium/selenium-api/4.22.0/selenium-api-4.22.0.jar'
gpg: Signature made Thu 20 Jun 2024 22:24:25 CEST
gpg: using RSA key F23E6F40ED06B8E0B269523C0DE2A6EBAF6DB53F
gpg: Good signature from "Titus Fortner <[[email protected]](mailto:[email protected])>" [expired]
gpg: Note: This key has expired!
$ gpg --list-public-keys F23E6F40ED06B8E0B269523C0DE2A6EBAF6DB53F
pub rsa2048 2020-03-26 [SC] [expired: 2022-03-26]
F23E6F40ED06B8E0B269523C0DE2A6EBAF6DB53F
uid [ expired] Titus Fortner <[[email protected]](mailto:[email protected])>
sub rsa2048 2020-03-26 [E] [expired: 2022-03-26]
Key expired: 2022-03-26
Signature made: 2024-06-20Can you share the updated [I suppose] key, please?
I've consulted keyserver.ubuntu.com and keywin.trifence.ch but
there is no newer version available there.
For 4.30.0 I'm getting similar results.
Checked hkps://pgp.surfnet.nl hkps://keyserver.ubuntu.com hkps://keys.openpgp.org hkps://pgpkeys.eu for key updates but got none.
Usage example
I could verify signatures w/o warnings about expired key.