You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The GPG signing key for this provider expired in February. Using an expired signing key may cause signatures to be rejected as the signature verification in OpenTofu/Terraform develops.
How can one reproduce the bug?
Import the key submitted in opentofu/registry#1296, which matches your latest release, into GPG and list the keys.
What is the expected behavior?
The releases should be signed with a non-expired key.
I see whats happening, the key was renewed by was not submitted to the hashicorp gpg-keys keys, hence curl 'https://registry.terraform.io/v1/providers/opensearch-project/opensearch/2.3.1/download/linux/amd64' | jq --raw-output '.signing_keys | .gpg_public_keys | .[0] | .ascii_armor' shows old key.
What is the bug?
The GPG signing key for this provider expired in February. Using an expired signing key may cause signatures to be rejected as the signature verification in OpenTofu/Terraform develops.
How can one reproduce the bug?
Import the key submitted in opentofu/registry#1296, which matches your latest release, into GPG and list the keys.
What is the expected behavior?
The releases should be signed with a non-expired key.
What is your host/environment?
N/A
Do you have any screenshots?
Do you have any additional context?
opentofu/registry#1296
#221
The text was updated successfully, but these errors were encountered: