Collected from the PG bugs email list.
|Reported by||Dan Ell|
Body of first available message related to this bug follows.
The following bug has been logged on the website: Bug reference: 16406 Logged by: Dan Ell Email address: (redacted) PostgreSQL version: 11.0 Operating system: centos7 Description: I’m looking for their public key from an authoritative source, and I can’t find it. I’m doing due diligence while updating postgresql client software on centos7, and the signers of the package are listed as “PostgreSQL RPM Building Project email@example.com”, so I check around for them. I find lots of credible references to them, in the right places, including this page at postgresql.org: https://yum.postgresql.org/packages.php, and even fossil pages that accidentally contain the fingerprint of their public key. .. but when I hit pgfoundry.org it’s all pictures of hardbodies and gym equipment. I've seen the FAQ about pgfoundry: https://wiki.postgresql.org/wiki/Pgfoundry, and it seems that the transition is very recent, so it makes sense that they built the package. Here's the question that prompted this report, during a yum install: Importing GPG key 0x442DF0F8: Userid : "PostgreSQL RPM Building Project <firstname.lastname@example.org>" Fingerprint: 68c9 e2b9 1a37 d136 fe74 d176 1f16 d2e1 442d f0f8 Package : pgdg-redhat-repo-42.0-9.noarch (@/pgdg-redhat-repo-latest.noarch) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG Is this ok [y/N]:
|2020-04-30 18:28:10+00||PG Bug reporting form||BUG #16406: can't find public key for PostgreSQL RPM Building Project <email@example.com>|