dash/contrib/builder-keys/README.md
fanquake 40a8b925db
Merge bitcoin/bitcoin#22688: contrib: use keys.openpgp.org to retrieve builder keys
4c43b7d41d11072f382f938379d21cd2e0bcbb47 contrib: use hkps://keys.openpgp.org to retrieve builder keys (fanquake)

Pull request description:

  `hkps://hkps.pool.sks-keyservers.net` is essentially no-longer functional,
  and a number of distributions and GPG tools have since switched to using
  the `keys.openpgp.org` key server as their default.

  See this Debian patch for additional context:
  https://salsa.debian.org/debian/gnupg2/-/blob/debian/main/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch

  Switch to using keys.openpgp.org in the CI as well.

ACKs for top commit:
  MarcoFalke:
    cr ACK 4c43b7d41d11072f382f938379d21cd2e0bcbb47
  Zero-1729:
    ACK 4c43b7d41d11072f382f938379d21cd2e0bcbb47

Tree-SHA512: e6c72b67778b76f81c659eee0e4195fea9e579587c64921affd35b9d46a077d4e8754b7fb85ca90a9a4bbc5cd5a47b0c6e4c9dbf9a335418a12f774d665e5a19
2024-10-25 20:51:20 +07:00

836 B

PGP keys of builders and Developers

The file keys.txt contains fingerprints of the public keys of builders and active developers.

The keys are mainly used to sign git commits or the build results of builds.

The most recent version of each pgp key can be found on most pgp key servers.

Fetch the latest version from the key server to see if any key was revoked in the meantime. To fetch the latest version of all pgp keys in your gpg homedir,

gpg --refresh-keys

To fetch keys of builders and active developers, feed the list of fingerprints of the primary keys into gpg:

while read fingerprint keyholder_name; do gpg --keyserver hkps://keys.openpgp.org --recv-keys ${fingerprint}; done < ./keys.txt

Add your key to the list if you provided Guix attestations for two major or minor releases of Dash Core.