ICU 72.1 release signed by unknown key

Description

Per , it should be possible to verify ICU releases using PGP.

This method worked for 71.1. When trying with 72.1, one gets:

The referenced 0x3DA35301A7C330257B8755754058F67406EAA6AB key is not referenced at which is at commit at time of filing this bug.

Please either upload a new signature for ICU 72.1 or update the KEYS file in the ICU repository.

Thanks!

Activity

Markus Scherer 
September 22, 2023 at 5:43 PM

merged https://github.com/unicode-org/icu/pull/2407 onto main on 2023-mar-30. I guess that was after branching off maint-73? Probably not intentional, but short of amending that commit and rebasing all ICU commits since then, all we can do is add the fixVersion, right?

Shane Carr 
September 21, 2023 at 11:53 PM

The latest commit on this issue is shipping for the first time in ICU 74.1 --- if this is expected, please add that fix version to the ticket here in Jira.

Markus Scherer 
March 21, 2023 at 10:16 PM

please see my comment from 2022-oct-20.

We need to close this ticket here for ICU 73 in the next couple of days. If the instructions update doesn’t make it, then please submit a follow-up ticket for that.

Sam James 
October 21, 2022 at 4:59 AM

Thanks a bunch Markus for the quick fix! I’ll get it rolled out in Gentoo shortly

Markus Scherer 
October 20, 2022 at 9:45 PM

Let’s keep this ticket open past getting the KEYS updated: I would like to ask to improve instructions for building release binaries. Whoever is signing them should check the key they are using; ideally it should not expire, it should be signed, and it needs to be published.

Fixed

Details

Assignee

Reporter

Components

Priority

Time Needed

Hours

Fix versions

Created October 19, 2022 at 9:41 PM
Updated October 4, 2023 at 10:03 PM
Resolved April 12, 2023 at 10:24 PM