Missing GnuPG signature files (portage-${date}.tar.bz2.gpgsig) after 2005-11-11 for newer portage snapshots on the download mirrors. The 'Gentoo Portage Snapshot Signing Key' is expired since that date and I didn't find a new one on the keyservers. # gpg --list-keys 'Portage Snapshot' pub 1024D/D8BA32AA 2004-11-11 [expired: 2005-11-11)] uid Gentoo Portage Snapshot Signing Key (Automated Signing Key) Reproducible: Always Steps to Reproduce: 1. Browse the snapshot directory on any gentoo download mirror. 2. Search for GnuPG signature files (portage-${date}.tar.bz2.gpgsig) with date after 20051111. 3. Actual Results: No signature files for snapshots after 2005-11-11 found. Expected Results: Please provide GnuPG signature files for the portage snapshots again and publish a new and valid signing key on the keyservers and/or the Gentoo website.
Kurt, Brian said you setup the key for this so, here's the bug.
created new key w/ ID 7DDAD20D. Sent to pgp.mit.edu. New snapshots going forward will use this key. closing as fixed.
Thanks for the quick response and the publication of a knew signing key, but I am sorry to say that I still miss the signature for the latest snapshot, so the problem is only halfway fixed. I found the new key on pgp.mit.edu and other synced keyservers. Fetched it on 2005-11-23, 23:25 GMT. I understand that it could be too late to use it for portage-20051123.tar.bz2, created 2005-11-24, 01:55 GMT (2005-11-23, 20:55 GMT -5:00), but expected to see a signature file portage-20051124.tar.bz2.gpgsig for the latest snapshot on the mirrors. Though I don't know anything about the procedure that is used for signing the snapshot, I guess there is a script for automation that possibly want to use a wrong key that is explicitly named as an option for gpg or the default key/keyring points to the old invalid key. (Or I am too impatient and everything is prepared for the next snapshot ?)