Signing key is not published

[fabianfrz]

The signing key for this project is not published on the GPG servers, which makes it impossible to verify the signatures of the jar files on maven central.

Can you please upload your public key to any public key servers or if not possible at least to the repository?

A call like this should retrieve your public key to verify the artifact:

https://pgp.mit.edu/pks/lookup?op=get&options=mr&search=0x1D0690E353BE126D

[UrielCh]

I have just published it using http://pgp.mit.edu/. I'm not shure that it works.

[fabianfrz]

@UrielCh As soon as you publish it, the keyservers will sync each other and every client should be able to pull that key.
With that key, the sig file can be checked.

[fabianfrz]

looks like the key is not yet there. the MIT one seems to be down, but it should be on Ubuntu as well:

https://keyserver.ubuntu.com/pks/lookup?search=0x1D0690E353BE126D&fingerprint=on&op=index

If you want to publish a key, it can be usually done directly from gpg tooling itself or you can post it in ASCII armoured format.