This repository has been archived by the owner on Jul 9, 2020. It is now read-only.
Builds will fail as GPG keys expire and are rotated #43
Comments
|
I'm really sorry about the Yarn key... I've been meaning to create a keyring package and stick it in the Yarn Debian repo but it's fairly low on my list of priorities. Nobody in the Debian/Ubuntu community has given any guidance on how to do so, and I haven't had time to research it myself. |
|
Hi @Daniel15! Thanks for your note. For now we've used the workaround you mentioned in the issue, but I'm concerned about deployment reproducibility going forward. The strategy you outlined in this comment sounds good to me, but I'm also not an expert in packaging issues. Thanks again! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
We recently had a build failure due to an expired GPG for yarn. here is the associated issue.
This may continue to happen for packages that don't come with a companion -keyring package that keeps the keys up to date. The best step would be to include a build step that makes sure apt has the most up to date version of the keys.
The text was updated successfully, but these errors were encountered: