On Mon, Jan 08, 2024 at 10:10:24AM +0800, Peter Xu wrote: > On Sun, Jan 07, 2024 at 11:28:25AM -0500, Stefan Hajnoczi wrote: > > On Sun, 7 Jan 2024 at 10:23, Peter Maydell <peter.mayd...@linaro.org> wrote: > > > > > > On Sun, 7 Jan 2024 at 12:41, Stefan Hajnoczi <stefa...@gmail.com> wrote: > > > > > > > > On Sun, 7 Jan 2024 at 07:34, Peter Xu <pet...@redhat.com> wrote: > > > > > > > > > > On Fri, Jan 05, 2024 at 04:08:40PM +0000, Peter Maydell wrote: > > > > > > I notice that your gpg key doesn't seem to be signed by anybody > > > > > > else; you might look at whether it's easy to get it signed > > > > > > by somebody else (eg some of your redhat colleagues). > > > > > > > > > > Hmm, I think I have signed with at least Juan and Stefan. Which is > > > > > the key > > > > > server we normally use? Maybe I missed some steps there? > > > > > > > > Yes, Peter's key is signed by me: > > > > > > > > $ gpg --list-signatures 3B5FCCCDF3ABD706 > > > > pub ed25519/0x3B5FCCCDF3ABD706 2023-10-03 [SC] > > > > Key fingerprint = B918 4DC2 0CC4 57DA CF7D D1A9 3B5F CCCD F3AB > > > > D706 > > > > uid [ full ] Peter Xu <xzpe...@gmail.com> > > > > sig 3 0x3B5FCCCDF3ABD706 2023-10-03 [self-signature] > > > > sig 0x9CA4ABB381AB73C8 2023-10-10 Stefan Hajnoczi > > > > <stefa...@redhat.com> > > > > uid [ full ] Peter Xu <pet...@redhat.com> > > > > sig 3 0x3B5FCCCDF3ABD706 2023-10-03 [self-signature] > > > > sig 0x9CA4ABB381AB73C8 2023-10-10 Stefan Hajnoczi > > > > <stefa...@redhat.com> > > > > sub cv25519/0xD5261EB1CB0C6E45 2023-10-03 [E] > > > > sig 0x3B5FCCCDF3ABD706 2023-10-03 [self-signature] > > > > > > > > I have pushed to the keyservers again in case I forget. > > > > > > Thanks. Which keyservers did you use? I think these days the > > > keyserver infrastructure is unfortunately fragmented; I > > > probably didn't try refreshing from the right keyserver. > > > > I ran gpg --send-key again and it said hkps://keyserver.ubuntu.com. > > Thanks Stefan. Indeed I can only see Stefan's sig there on the key server: > > https://keyserver.ubuntu.com/pks/lookup?search=3b5fcccdf3abd706&fingerprint=on&op=index > > I am guessing Juan forgot to do a "gpg --send-keys 3B5FCCCDF3ABD706". I'll > also try to ask maybe one or two more people to exchange keys. Maybe > that'll also help.
Besides that, just now I also tried to do a remote --recv-keys on my own key and I found that indeed the signature from Stefan was not attached. Then I found this: https://daniel-lange.com/archives/178-Getting-gpg-to-import-signatures-again.html So it seems the default behavior of gpg command changed recently that it'll stop to receive signatures besides the self signature to avoid DoS to the keyservers. https://dev.gnupg.org/rG23c978640812d123eaffd4108744bdfcf48f7c93 In short, now we seem to need: $ gpg --recv-keys --keyserver-option no-self-sigs-only $KEY_ID To recover the old behavior to receive signs from others. Thanks, -- Peter Xu
