[🚀 Feature]: Publish updated key used to sign artifacts published to Central

[pzygielo]

Description

Like

• [🚀 Feature]: Publish updated key used to sign artifacts published to Central #15502

While I wrote there

4.32.0 was signed with different key, which is fine.

(key 81BE0C38ACE8AEDC7735A05F4C2AFF633F3A7223 was used then)

the newest release 4.38.0

$ gpg --verify org/seleniumhq/selenium/selenium-api/4.38.0/selenium-api-4.38.0.jar.asc org/seleniumhq/selenium/selenium-api/4.38.0/selenium-api-4.38.0.jar
gpg: Signature made Sat 25 Oct 2025 05:50:59 CEST
gpg:                using RSA key F23E6F40ED06B8E0B269523C0DE2A6EBAF6DB53F
gpg: Good signature from "Titus Fortner <titus@saucelabs.com>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: F23E 6F40 ED06 B8E0 B269  523C 0DE2 A6EB AF6D B53F

was signed again with bad, bad key. And I can't get newer, non-expired version from hkps://pgp.surfnet.nl hkps://keyserver.ubuntu.com hkps://keys.openpgp.org hkps://pgpkeys.eu.

Please publish updated key or do not use the expired one.

Have you considered any alternatives or workarounds?

No response

[selenium-ci]

@pzygielo, thank you for creating this issue. We will troubleshoot it as soon as we can.

Selenium Triage Team: remember to follow the Triage Guide

[pzygielo]

Seems that it was not completed…