Per , it should be possible to verify ICU releases using PGP.
This method worked for 71.1. When trying with 72.1, one gets:
The referenced 0x3DA35301A7C330257B8755754058F67406EAA6AB key is not referenced at which is at commit at time of filing this bug.
Please either upload a new signature for ICU 72.1 or update the KEYS file in the ICU repository.
Thanks!
Activity
Markus Scherer
September 22, 2023 at 5:43 PM
merged https://github.com/unicode-org/icu/pull/2407 onto main on 2023-mar-30. I guess that was after branching off maint-73? Probably not intentional, but short of amending that commit and rebasing all ICU commits since then, all we can do is add the fixVersion, right?
Shane Carr
September 21, 2023 at 11:53 PM
The latest commit on this issue is shipping for the first time in ICU 74.1 --- if this is expected, please add that fix version to the ticket here in Jira.
Markus Scherer
March 21, 2023 at 10:16 PM
please see my comment from 2022-oct-20.
We need to close this ticket here for ICU 73 in the next couple of days. If the instructions update doesn’t make it, then please submit a follow-up ticket for that.
Sam James
October 21, 2022 at 4:59 AM
Thanks a bunch Markus for the quick fix! I’ll get it rolled out in Gentoo shortly
Markus Scherer
October 20, 2022 at 9:45 PM
Let’s keep this ticket open past getting the KEYS updated: I would like to ask to improve instructions for building release binaries. Whoever is signing them should check the key they are using; ideally it should not expire, it should be signed, and it needs to be published.
Per , it should be possible to verify ICU releases using PGP.
This method worked for 71.1. When trying with 72.1, one gets:
The referenced
0x3DA35301A7C330257B8755754058F67406EAA6AB
key is not referenced at which is at commit at time of filing this bug.Please either upload a new signature for ICU 72.1 or update the KEYS file in the ICU repository.
Thanks!