commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig L Russell <Craig.Russ...@Sun.COM>
Subject Re: [releasing] PGP keys for code signing
Date Wed, 06 May 2009 14:43:08 GMT
Much better!

[CraigRussell:~/Downloads] clr% gpg --recv-keys 42196CA8
gpg: requesting key 42196CA8 from hkp server
gpg: key 42196CA8: public key "Christian Grobmeier (Apache  
Codesigning) <>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:  74  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  74  signed:  26  trust: 17-, 26q, 0n, 0m, 31f, 0u
gpg: depth: 2  valid:  19  signed:   7  trust: 7-, 10q, 0n, 0m, 2f, 0u
gpg: next trustdb check due at 2009-05-09
gpg: Total number processed: 1
gpg:               imported: 1
[CraigRussell:~/Downloads] clr% gpg --verify commons-chain-1.2- 
gpg: Signature made Tue May  5 22:13:09 2009 PDT using DSA key ID  
gpg: Good signature from "Christian Grobmeier (Apache Codesigning) <

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the  
Primary key fingerprint: 9D23 5338 96A9 7847 0358  5B62 86E0 2C5A 4219  

I'd vote for this signature being valid to sign releases. Only  
incubator releases right now, since it hasn't been signed by the  
Apache WOT. That can be fixed at a Sign-a-Thon. ;-)


On May 5, 2009, at 11:35 PM, Christian Grobmeier wrote:

>> gpg: Can't check signature: public key not found
>> [CraigRussell:~/Downloads] clr% gpg --recv-keys 42196CA8
>> gpg: requesting key 42196CA8 from hkp server
>> gpgkeys: key 42196CA8 not found on keyserver
> Thanks, i sent it to several keyservers now :-)
> Can you try again?
> Christian
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Craig L Russell
Architect, Sun Java Enterprise System
408 276-5638
P.S. A good JDO? O, Gasp!

View raw message