cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Udo Rader <list...@bestsolution.at>
Subject Re: gpg verification: missing key 0EE3D884
Date Tue, 17 Nov 2015 19:33:53 GMT
sorry for the noise & being probably paranoid here, but I've once had to
deal with compromized source code (proftpd) and I promised myself to
cross check as much as I can ...

On 11/17/2015 06:35 PM, John Kinsella wrote:
> Thanks.
> 
> Rohit’s out sick, but I’ve reached out to coworkers to see when we can get that straightened
out.  I’m confident it’s not a security risk, but will update once we can confirm that.
> 
> John
> 
>> On Nov 17, 2015, at 9:12 AM, Udo Rader <listudo@bestsolution.at> wrote:
>>
>> created a jira issue for this
>> https://issues.apache.org/jira/browse/CLOUDSTACK-9070 ...
>>
>> On 11/17/2015 12:58 AM, John Kinsella wrote:
>>> Rohit - looks like your key isn’t in https://dist.apache.org/repos/dist/release/cloudstack/KEYS
?
>>>
>>> On Nov 16, 2015, at 3:43 PM, Udo Rader <listudo@bestsolution.at<mailto:listudo@bestsolution.at>>
wrote:
>>>
>>> Hi,
>>>
>>> I've downloaded the latest 4.5.2 tar.bz2 and tried to verify the
>>> download using gpg, but gpg tells me that the used key is unknown:
>>>
>>> [udo@artio Downloads]$ gpg --verify apache-cloudstack-4.5.2-src.tar.bz2.asc
>>> gpg: assuming signed data in `apache-cloudstack-4.5.2-src.tar.bz2'
>>> gpg: Signature made Wed 19 Aug 2015 11:13:04 AM CEST using RSA key ID
>>> 0EE3D884
>>> gpg: Can't check signature: public key not found
>>>
>>> So is the key missing from http://www.apache.org/dist/cloudstack/KEYS or
>>> am I missing something?
>>>
>>> Regards
>>>
>>> Udo
>>>
> 

Mime
View raw message