Can't find public PGP key

(Talyz) #1

I’ve searched quite a bit now, but I can’t find the public PGP key to verify the Caddy builds with. Is it uploaded somewhere?

1 Like
(Matt Holt) #2

I should put the link somewhere. It’s on Keybase: https://keybase.io/caddy

1 Like
(Talyz) #3

Ah, I see. Thanks! :slight_smile: A link on the download page would be very nice - googling “caddy public pgp key” and similar finds nothing relevant - no references to keybase at all :confused:

Also, keybase looks nifty for some things, but unfortunately it doesn’t work like a keyserver or push public keys to one. It’s pretty neat to be able to find and import the key directly from gpg, so please consider publishing it on a normal keyserver too.

1 Like
(Matt Holt) #4

That’s a good idea, I’ll get around to it. And the Download page is ripe for some more information about what to do after downloading.

(Matt Vance) #5

It would also be good if the signed files were also published on the GitHub page in the event the build server is down. The other advantage of the GitHub releases page is it provides a way to specify which version to download (I didn’t see a way to do this via passing a parameter to https://caddyserver.com/download/darwin/amd64.

While most folks will always want to run the latest version, requesting a specific version via curl is helpful in special use cases like a Docker image which wants to use tags to pull different versions.

(Matthew Fay) #6

I understand this functionality was omitted from the new build server by conscious decision not to make outdated versions available, but I can’t recall where on the forums (if it even was stated on these forums) that was said.

1 Like
(Matt Holt) #7

Yeah, I’ll improve GitHub releases over time.

But:

Matthew is right; before I make it easier for people to download old versions, I want to get auto-upgrade implemented.

(Matt Vance) #8

That’s fair.