zhaijack commented on issue #420: Issue 419: dockerfile - auto verify asc file GPG_KEY URL: https://github.com/apache/bookkeeper/pull/420#issuecomment-321267276 @caiok The key server was not connect-able for about 6 hours. ``` [91mgpg: directory `/root/.gnupg' created gpg: new configuration file `/root/.gnupg/gpg.conf' created gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/root/.gnupg/secring.gpg' created gpg: keyring `/root/.gnupg/pubring.gpg' created gpg: requesting key B3D56514 from hkp server ha.pool.sks-keyservers.net [0m [91mgpg: no valid OpenPGP data found. gpg: Total number processed: 0 [0m ?: ha.pool.sks-keyservers.net: Network is unreachable gpgkeys: HTTP fetch error 7: couldn't connect: Network is unreachable Removing intermediate container 8054a51a48f3 ``` We seems meet a selection between 2 things: 1, In every release, you do a manually work to add a Key into this docker file; 2, Compromise that the apache website will be hacked, and bk binary is replaced by a malicious one. And this change choose the 2nd. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
With regards, Apache Git Services