I noticed @daira signed the latest release with key 067F492098CF2762. However this public key has not been added to her GitHub profile, thus preventing this system from verifying commit signatures. Would be nice if all devs / release engineers added your keys to your GitHub profile(s). Of course I get that this is not essential and should not be trusted alone, but it gives users one more way to quickly verify integrity of releases.
Ideally the dev team should also sign each other's keys.
jonathancross
All 4 comments
Away from my computer with my key on it -- I'll get to this tonight.
daira
on 27 Oct 2016
I'm unable to fix this because github incorrectly thinks the key is expired, even after uploading a new export of it with an expiration date of 2018-03-16.
daira
on 28 Oct 2016
Hmmm...
Did you follow the GUI instructions here?
If it is rejecting a good key, then you should contact support: https://github.com/contact
jonathancross
on 31 Oct 2016
I no longer sign releases. Reassigning to @ageis to make sure that the current release signing key is on github.
daira
on 27 Feb 2017
Related issues
defuse
路
4Comments
daira
路
3Comments
str4d
路
4Comments
oxarbitrage
路
3Comments
Erosluvu
路
4Comments
Most helpful comment
Away from my computer with my key on it -- I'll get to this tonight.