Darshit Shah <[email protected]> writes: > + --gpg-keyring-url=URL URL pointing to the GnuPG Keyring containing > + the key used to sign the tarballs ... > If that command fails because you don't have the required public key, > then run this command to import it: > > - gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id > + wget -q -O- '$gpg_keyring_url' | gpg --import -
Hi. I agree this part of announce-gen is sub-optimal. There were earlier discussions about solutions: https://gitlab.com/libidn/libidn2/-/issues/98#note_635780242 My first reaction was that we should use something like that instead, and not your patch. However given how unreliable the GnuPG parameters (different version compatibility, and some reports about bugs) are wrt to key servers, I prefer your approach to mention a URL in the announcement instead of suggesting --recv-keys or some variant of --locate-external-keys. This also makes it much easier for anyone not using GnuPG to locate the OpenPGP key. Do you have push access to gnulib, or do you want me to polish up the patch and push it? /Simon
signature.asc
Description: PGP signature
