As some community members noticed earlier this week, there was a problem with the GPG Keys and signature validation associated with 1.x TICK stack components.
There have been a number of digital supply chain attacks as of late and we have been discussing a wide range of security related topics to improve our overall security posture for our community. One of these is ensuring that we periodically rotate our signing keys.
In attempting to perform a periodic key rotation, we encountered some unanticipated downstream effects and this is the reason for the temporary issue. We have rolled back the change for now as we look to make this process smoother and ensure that we do a better job of communicating this kind of change to our community members.
We deeply apologize for any inconvenience, and lack of prior notification. We appreciate all of those community members who reached out to check in, confirm and alert us to the situation. You are doing the right thing – and we are happy to see that our community is leveraging the security measures that we have in place.
Once we have remediated the issues we encountered, we will perform the key rotation and communicate that change as a part of our improved process.
Thank you again for being part of the InfluxData Community.