@playernine opened this Issue on March 11th 2022

All links for verifying signatures of piwik packages lead to
https://matomo.org/blog/2014/11/verify-signatures-piwik-packages/

But that is outdated: It works for the old signature pre 4.8.0
Under Mac OSX tryning to import new signature:

gpg --keyserver keys.gnupg.net --recv-keys F529A27008477483777FC23D63BB30D0E5D2C749
gpg: keyserver receive failed: No data

gpg2 --keyserver keys.openpgp.org --recv-keys F529A27008477483777FC23D63BB30D0E5D2C749
gpg: key 63BB30D0E5D2C749: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1

The keys.openpgp.org keyserver, which has an owner approval system will strip all user IDs unless the owner of the corresponding email address has allowed them to be published.

What works:
gpg2 --keyserver hkps://keyserver.ubuntu.com --recv-keys F529A27008477483777FC23D63BB30D0E5D2C749
gpg: key 63BB30D0E5D2C749: public key "Matomo <hello@matomo.org>" imported
gpg: Total number processed: 1
gpg: imported: 1

@justinvelluppillai commented on April 4th 2022 Contributor

Thanks for that @playernine, I've updated the blog post to reflect.

This Issue was closed on April 4th 2022
Powered by GitHub Issue Mirror