GPG key verification failure #56690

Open
@loozhengyuan

Issue

Earlier today, some of our Node.js install scripts stopped working because a portion of the listed keys on nodejs/release-keys are no longer available on keys.openpgp.org.

```console
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 # James M Snell
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys A48C2BEE680E841632CD4E44F07496B3EB3C1762 # Ruben Bridgewater
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 1C050899334244A8AF75E53792EF661D867B9DFA # Danielle Adams
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B # Chris Dickinson
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 77984A986EBC2AA786BC0F66B01FBB92821C587A # Gibson Fahnestock
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 93C7E9E91B49E432C2F75674B0A78B0A6C481CF6 # Isaac Z. Schlueter
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 56730D5401028683275BD23C23EFEFE93C4CFFFE # Italo A. Casas
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E # Jeremiah Senkpiel
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 114F43EE0176B71C7BC219DD50A3051F888C628D # Julien Gilli
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 7937DFD2AB06298B2293C3187D33FF9D0246406D # Timothy J Fontaine
gpg: keyserver receive failed: No data
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 61FC681DFB92A079F1685E77973F295594EC4689 # Juan José Arboleda
gpg: keyserver receive failed: No data
```

We fetch all keys from nodejs/release-keys and have been doing so successfully until today.

Most of these are keys that are also signing keys for older releases. At least some of these keys (I didn't check all) are still available on keyserver.ubuntu.com.

Question

  1. Were these keys removed from keys.openpgp.org?
  2. The signing keys listed on nodejs/release-keys and nodejs/node are not consistent with one another. Which set should we be using?

Labels

  - release: Issues and PRs related to Node.js releases.
  - release-agenda: Issues and PRs to discuss during the meetings of the Release team.