I've updated my GPG signing key — the old one had expired. Here's what changed:
- Extended key expiration from 2026-04-02 to 2028-04-06 - Updated the KEYS file on dist.apache.org (revision 83726) - Uploaded the renewed key to keys.openpgp.org, keyserver.ubuntu.com, and pgp.mit.edu Try to re-import the updated key and run the approve script again. ``` gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4CE36E979325A6221706DB0E86EF353F54FE093 ``` Or download and import the updated KEYS file: ``` curl -O https://dist.apache.org/repos/dist/release/royale/KEYS gpg --import KEYS I hope that does it... ________________________________ From: Greg Dove <[email protected]> Sent: Thursday, April 9, 2026 11:32 PM To: [email protected] <[email protected]> Subject: Re: [DISCUSS] Discuss Release Apache Royale Compiler Build Tools 1.2.2 I started the approval ant script this morning to review. the gpg check provides this: Primary key fingerprint: F4CE 36E9 7932 5A62 2170 6DB0 E86E F353 F54F E093 gpg: Signature made 04/07/26 20:42:12 New Zealand Standard Time gpg: using RSA key F4CE36E979325A6221706DB0E86EF353F54FE093 gpg: Good signature from "Yishay Weiss <[email protected]>" [expired] gpg: Note: This key has expired! Primary key fingerprint: F4CE 36E9 7932 5A62 2170 6DB0 E86E F353 F54F E093 Apparently this means the signature itself was valid, but the expiration date for the key has now passed. Are others seeing this, and is it important? On Wed, Apr 8, 2026 at 12:57 AM Andrew Wetmore <[email protected]> wrote: > Morning! > > 1. Should there be a README file in the compiler build tools directory that > describes what they are and how to use them? Or is that covered somewhere > else? I see info from almost ten years ago in > https://github.com/apache/royale-compiler/wiki but I am not sure this is > specific to the build tools. Perhaps such a README could simplypoint to the > developer guide: > https://github.com/apache/royale-compiler/wiki/developer-guide > > 2. Is this a 'product' of our project? Would third-parties ever download > and use it, or is it jut for the project? I ask because, if it is a > product, we should mention its new version in our next board report. > > a > > Andrew Wetmore > Assistant VP, Marketing and Publicity, The ASF <https://apache.org> > Editor-Writer, Infra team, The ASF > > Editor, moosehousepress.com > > > On Tue, Apr 7, 2026 at 6:21 AM Yishay Weiss <[email protected]> > wrote: > > > This is the discussion thread. > > > > Thanks, > > Yishay Weiss > > > > >
