From 5f79b2feb2e87a38666d4ce7a5dcdbfc2247130e Mon Sep 17 00:00:00 2001 From: marco-ippolito Date: Thu, 28 Mar 2024 19:08:48 +0100 Subject: [PATCH] doc: update release gpg keyserver --- doc/contributing/releases.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/doc/contributing/releases.md b/doc/contributing/releases.md index db0d4552e41ea4..f0d601e17759a3 100644 --- a/doc/contributing/releases.md +++ b/doc/contributing/releases.md @@ -90,10 +90,11 @@ responsible for that release. In order to be able to verify downloaded binaries, the public should be able to check that the `SHASUMS256.txt` file has been signed by someone who has been authorized to create a release. -The GPG keys should be fetchable from a known third-party keyserver. The SKS -Keyservers at are recommended. Use the -[submission](https://pgp.mit.edu/) form to submit a new GPG key. You'll need to -do an ASCII-armored export of your key first: +The GPG keys should be fetchable from a known third-party keyserver. +The OpenPGP keyserver at is recommended. +Use the [submission](https://keys.openpgp.org/upload) form to submit +a new GPG key, and make sure to verify the associated email. +You'll need to do an ASCII-armored export of your key first: ```bash gpg --armor --export email@server.com > ~/nodekey.asc @@ -102,7 +103,7 @@ gpg --armor --export email@server.com > ~/nodekey.asc Keys should be fetchable via: ```bash -gpg --keyserver pool.sks-keyservers.net --recv-keys +gpg --keyserver hkps://keys.openpgp.org --recv-keys ``` The key you use may be a child/subkey of an existing key.