Skip to content

Commit

Permalink
doc: update release gpg keyserver
Browse files Browse the repository at this point in the history
PR-URL: #52257
Refs: nodejs/Release#984
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Ruy Adorno <ruy@vlt.sh>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
  • Loading branch information
marco-ippolito committed May 3, 2024
1 parent c2def7d commit cc67720
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions doc/contributing/releases.md
Original file line number Diff line number Diff line change
Expand Up @@ -90,10 +90,11 @@ responsible for that release. In order to be able to verify downloaded binaries,
the public should be able to check that the `SHASUMS256.txt` file has been
signed by someone who has been authorized to create a release.

The GPG keys should be fetchable from a known third-party keyserver. The SKS
Keyservers at <https://sks-keyservers.net> are recommended. Use the
[submission](https://pgp.mit.edu/) form to submit a new GPG key. You'll need to
do an ASCII-armored export of your key first:
The public keys should be fetchable from a known third-party keyserver.
The OpenPGP keyserver at <https://keys.openpgp.org/> is recommended.
Use the [submission](https://keys.openpgp.org/upload) form to submit
a new public key, and make sure to verify the associated email.
You'll need to do an ASCII-armored export of your key first:

```bash
gpg --armor --export email@server.com > ~/nodekey.asc
Expand All @@ -102,7 +103,7 @@ gpg --armor --export email@server.com > ~/nodekey.asc
Keys should be fetchable via:

```bash
gpg --keyserver pool.sks-keyservers.net --recv-keys <FINGERPRINT>
gpg --keyserver hkps://keys.openpgp.org --recv-keys <FINGERPRINT>
```

The key you use may be a child/subkey of an existing key.
Expand Down

0 comments on commit cc67720

Please sign in to comment.