On Fri, Mar 5, 2021 at 10:22 AM 'Ward, Evan' via jackson-user <[email protected]> wrote: > > Hi, > > First, thank you for making Jackson!
Hi there! > > I noticed while upgrading to a newer version of Jackson that the key > used to sign releases changed with release 2.11.2. I checked the > release notes, bud didn't see any mention of the change in keys. The > problem is that I can't find the public key anywhere, which leaves me > unable to verify the releases are authentic. So my question is > threefold: > > 1. Who owns 0x8A10792983023D5D14C93B488D7F1BEC1E2ECAE7 ? That would be me, and email associated with it should be "[email protected]". As per this: https://keys.openpgp.org/search?q=tatu.saloranta%40iki.fi and I have tried my best to make it available through that key server. Apparently there are some oddities in gpg key publishing, like as per: https://superuser.com/questions/1485213/gpg-cant-import-key-new-key-but-contains-no-user-id-skipped > 2. Is that key authorized to make Jackson releases? Yes. > 3. Can you publish it? I was under impression I had done that, but apparently there is no functioning syncing/merging functionality across various key servers these days; nor canonical way. > Either to a key server such as http://keyserver.ubuntu.com/ or I can try to see how to upload it there. > following Apache's model to a KEYS file in your git repository. Or both > would be even better so that it is easy to access via a standard > protocol and it is clear that it is authorized to make releases for the > Jackson project. Do you have an example project I could look at? I think I'd want to add something on: https://github.com/FasterXML/jackson/ because there are more than a dozen Jackson repositories and it seems counterproductive to have to update all of them when gpg keys expire (previous one expired after 5 years but ideally I assume keys should be for even shorter timespans). -+ Tatu +- > > Best Regards, > Evan > > -- > You received this message because you are subscribed to the Google Groups > "jackson-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jackson-user/15be318d87d07640591f0cdd884f85d88a1af707.camel%40nrl.navy.mil. -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/CAL4a10jBDGHse9bs8pRBrP8Pj7wzPMdC2aqQogbgJsqoVvdLTg%40mail.gmail.com.
