Signing key for 2.9.7 release jar?

Question

Signing key for 2.9.7 release jar?

cap10morgan opened this issue 3 years ago · 2 comments

I was trying to build a new official clojure Docker image for the 2.9.7 release, but @technomancy's public key (id 808A33D379C806C3 on keys.openpgp.org) doesn't seem to verify the .asc file in this release (it does for previous releases).

Was this release signed with a different key?

It would be good to document the signing key somewhere (GitHub wiki?).

Answer 1 · 2021-09-17T18:46:20.000Z

Sorry about this; I missed the verification email from openpgp.org after they changed their process. I've re-uploaded it to openpgp.org and verified this time, and the key is also listed at https://technomancy.us/colophon and now uploaded to my github profile.

Answer 2 · 2021-09-17T18:59:24.000Z

Thanks @technomancy! All sorted now.