infra-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (INFRA-16685) Can't close release in Maven Central
Date Tue, 26 Jun 2018 09:10:00 GMT

     [ https://issues.apache.org/jira/browse/INFRA-16685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated INFRA-16685:
----------------------------------------
    Description: 
Hi Infra,

After creating a new release and uploading it to maven central, I can't "close" it this morning.
This is because it can't find my public key to verify the signatures on the artifacts:

failureMessage	No public key: Key with id: (67bf80b10ad53983) was not able to be located on
http://gpg-keyserver.de/. Upload your public key and try the operation again.
failureMessage	No public key: Key with id: (67bf80b10ad53983) was not able to be located on
http://pool.sks-keyservers.net:11371. Upload your public key and try the operation again.
failureMessage	No public key: Key with id: (67bf80b10ad53983) was not able to be located on
http://pgp.mit.edu:11371. Upload your public key and try the operation again.

However I think the process we are using here is flawed:

a)  http://gpg-keyserver.de/ does not resolve
b) When you search on "http://pool.sks-keyservers.net:11371" (e.g. https://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x67BF80B10AD53983)
you get an SSL error:

pool.sks-keyservers.net:11371 uses an invalid security certificate. The certificate is only
valid for pgpkeys.urown.net

c) The MIT site is currently giving a 503: http://pgp.mit.edu:11371/pks/lookup?search=Colm&op=index

Maybe the MIT will be back up by the time someone checks this JIRA - but the process is flawed,
as (a) and (b) appear to be broken - so we are always relying on one site to be up.

*edit* I was able to close the release later on. I think my point still stands though about
the lack of redundancy. Feel free to close this JIRA if you disagree.


  was:
Hi Infra,

After creating a new release and uploading it to maven central, I can't "close" it this morning.
This is because it can't find my public key to verify the signatures on the artifacts:

failureMessage	No public key: Key with id: (67bf80b10ad53983) was not able to be located on
http://gpg-keyserver.de/. Upload your public key and try the operation again.
failureMessage	No public key: Key with id: (67bf80b10ad53983) was not able to be located on
http://pool.sks-keyservers.net:11371. Upload your public key and try the operation again.
failureMessage	No public key: Key with id: (67bf80b10ad53983) was not able to be located on
http://pgp.mit.edu:11371. Upload your public key and try the operation again.

However I think the process we are using here is flawed:

a)  http://gpg-keyserver.de/ does not resolve
b) When you search on "http://pool.sks-keyservers.net:11371" (e.g. https://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x67BF80B10AD53983)
you get an SSL error:

pool.sks-keyservers.net:11371 uses an invalid security certificate. The certificate is only
valid for pgpkeys.urown.net

c) The MIT site is currently giving a 503: http://pgp.mit.edu:11371/pks/lookup?search=Colm&op=index

Maybe the MIT will be back up by the time someone checks this JIRA - but the process is flawed,
as (a) and (b) appear to be broken - so we are always relying on one site to be up.



> Can't close release in Maven Central
> ------------------------------------
>
>                 Key: INFRA-16685
>                 URL: https://issues.apache.org/jira/browse/INFRA-16685
>             Project: Infrastructure
>          Issue Type: Task
>          Components: maven
>            Reporter: Colm O hEigeartaigh
>            Priority: Major
>
> Hi Infra,
> After creating a new release and uploading it to maven central, I can't "close" it this morning. This is because it can't find my public key to verify the signatures on the artifacts:
> failureMessage	No public key: Key with id: (67bf80b10ad53983) was not able to be located on http://gpg-keyserver.de/. Upload your public key and try the operation again.
> failureMessage	No public key: Key with id: (67bf80b10ad53983) was not able to be located on http://pool.sks-keyservers.net:11371. Upload your public key and try the operation again.
> failureMessage	No public key: Key with id: (67bf80b10ad53983) was not able to be located on http://pgp.mit.edu:11371. Upload your public key and try the operation again.
> However I think the process we are using here is flawed:
> a)  http://gpg-keyserver.de/ does not resolve
> b) When you search on "http://pool.sks-keyservers.net:11371" (e.g. https://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x67BF80B10AD53983) you get an SSL error:
> pool.sks-keyservers.net:11371 uses an invalid security certificate. The certificate is only valid for pgpkeys.urown.net
> c) The MIT site is currently giving a 503: http://pgp.mit.edu:11371/pks/lookup?search=Colm&op=index
> Maybe the MIT will be back up by the time someone checks this JIRA - but the process is flawed, as (a) and (b) appear to be broken - so we are always relying on one site to be up.
> *edit* I was able to close the release later on. I think my point still stands though about the lack of redundancy. Feel free to close this JIRA if you disagree.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
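
The three failure messages in the report all read "No public key", although the causes described are a DNS failure, a TLS certificate mismatch and an HTTP 503. The following is an added example, not part of the original message or of any Apache or Maven Central tooling, showing a lookup that tells those cases apart from a key that is really absent. The function names, the outcome labels, the `reported_fetch` stand-in and the assumption that a healthy keyserver answers 404 for an unknown key are all illustrative.

```python
import socket
import ssl
import urllib.error
import urllib.request

KEY_ID = "67bf80b10ad53983"  # key id quoted in the failure messages
SERVERS = ["http://gpg-keyserver.de/",
           "http://pool.sks-keyservers.net:11371",
           "http://pgp.mit.edu:11371"]

def http_get(url):
    """Live fetcher: returns the response body, raises on any failure."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read()

def classify(server, key_id, fetch=http_get):
    """Look the key up on one server and name what actually happened."""
    url = f"{server.rstrip('/')}/pks/lookup?op=get&search=0x{key_id.upper()}"
    try:
        fetch(url)
        return "found"
    except urllib.error.HTTPError as exc:
        # Assumption: a healthy server answers 404 when it lacks the key.
        return "key-absent" if exc.code == 404 else "server-error"
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, socket.gaierror):
            return "dns-failure"
        if isinstance(exc.reason, ssl.SSLError):
            return "tls-failure"
        return "unreachable"
    except OSError:
        return "unreachable"

def diagnose(outcomes):
    """Separate 'publisher must upload the key' from 'keyservers are down'."""
    seen = set(outcomes.values())
    if "found" in seen:
        return "verifiable"
    return "publish-key" if "key-absent" in seen else "keyservers-unavailable"

def reported_fetch(url):
    """Constructed stand-in that replays the three failures in the report."""
    if "gpg-keyserver.de" in url:
        raise urllib.error.URLError(socket.gaierror("name does not resolve"))
    if "pool.sks-keyservers.net" in url:
        raise urllib.error.URLError(ssl.SSLCertVerificationError("hostname mismatch"))
    raise urllib.error.HTTPError(url, 503, "Service Unavailable", None, None)

if __name__ == "__main__":
    results = {s: classify(s, KEY_ID, reported_fetch) for s in SERVERS}
    print(results, diagnose(results))
```

Calling `classify` without the third argument performs a live lookup; only a `publish-key` diagnosis means the "Upload your public key" advice applies.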
