commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig L Russell <Craig.Russ...@Sun.COM>
Subject Re: [releasing] PGP keys for code signing
Date Wed, 06 May 2009 05:55:13 GMT
Not so good.

Here's what I get after downloading the two files:

[CraigRussell:~/Downloads] clr% gpg --verify commons-chain-1.2- 
bin.tar.gz.asc
gpg: Signature made Tue May  5 22:13:09 2009 PDT using DSA key ID  
42196CA8
gpg: Can't check signature: public key not found
[CraigRussell:~/Downloads] clr% gpg --recv-keys 42196CA8
gpg: requesting key 42196CA8 from hkp server subkeys.pgp.net
gpgkeys: key 42196CA8 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

I'm no expert but it doesn't appear like the DSA key can be checked by  
gpg like all the Apache releases.

Craig

On May 5, 2009, at 10:42 PM, Christian Grobmeier wrote:

>> Why not try creating a signature for an existing Commons release,  
>> e.g. IO?
>> Upload it to your home directory on people, along with the public  
>> key,
>> and some of us can see if it is usable.
>
> That would be great! Thanks!
>
> Here are the urls:
> http://people.apache.org/~grobmeier/test/commons-chain-1.2-bin.tar.gz
> http://people.apache.org/~grobmeier/test/commons-chain-1.2-bin.tar.gz.asc
>
> Cheers,
> Christian
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>

Craig L Russell
Architect, Sun Java Enterprise System http://db.apache.org/jdo
408 276-5638 mailto:Craig.Russell@sun.com
P.S. A good JDO? O, Gasp!


Mime
View raw message