Skip to content

Update expired GPG signing keys#533

Merged
joelanford merged 1 commit into
operator-framework:mainfrom
joelanford:update-gpg-keys
May 19, 2026
Merged

Update expired GPG signing keys#533
joelanford merged 1 commit into
operator-framework:mainfrom
joelanford:update-gpg-keys

Conversation

@joelanford
Copy link
Copy Markdown
Member

@joelanford joelanford commented May 19, 2026

Summary

  • Update the GPG signing key files (pubring.auto and secring.auto.gpg) with renewed key expiration (2028-11-11)
  • The previous key expired 2025-11-07, causing release signing to fail with gpg: skipped "A20B5C7E": Unusable secret key

Context

@grokspawn
Copy link
Copy Markdown
Contributor

grokspawn commented May 19, 2026

Would it be considered a breaking change if we stopped signing these releases?
Can we perpetuate the key signing process in a way that survives maintainer drift?

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 19, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.71%. Comparing base (08ab7fb) to head (228dfbd).
⚠️ Report is 150 commits behind head on main.

❗ There is a different number of reports uploaded between BASE (08ab7fb) and HEAD (228dfbd). Click for more details.

HEAD has 1 upload less than BASE
Flag BASE (08ab7fb) HEAD (228dfbd)
2 1
Additional details and impacted files 
@@             Coverage Diff             @@
##             main     #533       +/-   ##
===========================================
- Coverage   85.06%   74.71%   -10.35%     
===========================================
  Files          19       31       +12     
  Lines        1346     2037      +691     
===========================================
+ Hits         1145     1522      +377     
- Misses        125      433      +308     
- Partials       76       82        +6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@joelanford joelanford added this pull request to the merge queue May 19, 2026
@joelanford
Copy link
Copy Markdown
Member Author

joelanford commented May 19, 2026

Would it be considered a breaking change if we stopped signing these releases?

Debatable, but not great to stop signing.

Can we perpetuate the key signing process in a way that survives maintainer drift?

Only if we somehow automate renewing the key or removing the expiration date?

Merged via the queue into operator-framework:main with commit 9b0834f May 19, 2026
6 checks passed
@joelanford joelanford deleted the update-gpg-keys branch May 19, 2026 19:00
@grokspawn grokspawn mentioned this pull request May 19, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rashmigottipati rashmigottipati rashmigottipati approved these changes

@grokspawn grokspawn grokspawn approved these changes

@everettraven everettraven Awaiting requested review from everettraven

@varshaprasad96 varshaprasad96 Awaiting requested review from varshaprasad96

Assignees

No one assigned

Labels

area/sdk

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@joelanford @grokspawn @codecov-commenter @rashmigottipati