Description of problem: In download links, we recommend to check signature using: gpg --keyserver pool.sks-keyservers.net --recv-keys EDCA7A90 but: gpg: échec de réception depuis le serveur de clefs : No name I seems that the certificates of this server is out. pgp.mit.edu is long to reply. keyserver.ubuntu.com seems OK. Now, I discover: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f But, the server recommended in this article doesn't work for us. LC_ALL=C gpg --keyserver keys.openpgp.org --recv-keys EDCA7A90 gpg: keyserver receive failed: No data Thus, should we download our key elsewhere? Which server should we recommend as the one we recommend seems definitively out.
Isodumper and Mageiasync is also concerned because they have this server in the code.
https://www.rossde.com/PGP/pgp_keyserv.html#pubserv has a list of public key servers. The ubuntu key server is working ... $ gpg --keyserver keyserver.ubuntu.com --recv-key EDCA7A90 gpg: key 835E41F4EDCA7A90: public key "Mageia Release <release@mageia.org>" imported gpg: Total number processed: 1 gpg: imported: 1 For now, all occurrences of pool.sks-keyservers.net can be replaced with keyserver.ubuntu.com We should set up our own key server though. Adding the sysadmin team to cc list.
CC: (none) => davidwhodgins, sysadmin-bugs
The old server is still referenced in this page: https://www.mageia.org/fr/downloads/get/ It should be updated.
I have updated the git repository. However, the website still to be updated.
Fixed with keyserver.ubuntu.com
Thus closing
Status: NEW => RESOLVEDResolution: (none) => FIXED