Bug #55754 for Package-Autoloader: Key used in signature not uploaded to PKI

RT for rt.cpan.org

This queue is for tickets about the Package-Autoloader CPAN distribution.

Report information

The Basics

Id:	55754
Status:	rejected
Priority:	0/
Queue:	Package-Autoloader

People

Owner:	WINTRU [...] cpan.org
Requestors:	ANDK [...] cpan.org
Cc:
AdminCc:

Bug Information

Severity:	Normal
Broken in:	0.15c
Fixed in:	(no value)

History Show all quoted text

Sun Mar 21 01:48:19 2010 ANDK [...] cpan.org - Ticket created

Subject:

Key used in signature not uploaded to PKI

When trying to verify your signature: gpgkeys: key 767844C2C1BBC7BA not found on keyserver gpg: Signature made Mon 15 Mar 2010 02:09:23 AM CET using DSA key ID C1BBC7BA gpg: requesting key C1BBC7BA from hkp server pgp.mit.edu gpg: no valid OpenPGP data found. gpg: Can't check signature: public key not found ==> BAD/TAMPERED signature detected! <== Did you not upload your PGP key to any public keyserver? Please do so, otherwise your signature is not of much use for the average CPAN user. Thanks!

Mon Mar 22 21:35:29 2010 WINTRU [...] cpan.org - Taken

Mon Mar 22 21:35:57 2010 WINTRU [...] cpan.org - Status changed from 'new' to 'open'

Mon Mar 22 21:55:44 2010 WINTRU [...] cpan.org - Correspondence added

The problem is Module::Signature, where the currently second most outdated server of the PKI, pgp.mit.edu, is hardcoded. pgp.acm.jhu.edu (missing 121_831 keys / behind 400 days) pgp.mit.edu (missing 37_388 keys / behind 124 days) keyserver.novomundo.com.br (missing 19_203 keys / behind 64 days) keys.snow-crash.org (missing 10_004 keys / behind 33 days) keyserver.fabbione.net (missing 9_208 keys) barbadine.canonical.com (missing 7_458 keys) esperanza.canonical.com (missing 7_458 keys) keyserver.ubuntu.com (missing 7_458 keys) pks.gpg.cz (missing 2_561 keys)

Mon Mar 22 21:55:46 2010 WINTRU [...] cpan.org - Status changed from 'open' to 'rejected'