db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Problem verifying the release
Date Wed, 03 Sep 2008 21:25:18 GMT
Hi Kathey,

This is the same key which I used to sign 10.2.1.6, 10.2.2.0, and 
10.3.1.4. The fingerprint and sig look identical and this is the sig 
which is in the KEYS file. For what it's worth, this sig and I appear on 
the Apache web of trust: http://people.apache.org/~henkp/trust/apache.html

Perhaps a key-signing expert could interpret this data for us.

Regards,
-Rick


Kathey Marsden wrote:
> I attempted to verify the release with gpg and get:
>
> [C:/kmarsden/projects/10.4.2.0]  gpg --verify  
> db-derby-10.4.2.0-bin.zip.asc
> gpg: Signature made 08/26/08 06:59:54  using DSA key ID 98E21827
> gpg: Good signature from "Rick Hillegas <rhillegas@apache.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the 
> owner.
> Primary key fingerprint: 8F57 86E6 ED0B D91C 1BB8  36FD 3D8B 00E1 98E2 
> 1827
>
>
> I see in the KEYS file that it doesn't look like Rick's key has been 
> signed by anyone.
>
> pub   1024D/98E21827 2006-02-04
> uid                  Rick Hillegas <rhillegas@apache.org>
> sig 3        98E21827 2006-02-04  Rick Hillegas <rhillegas@apache.org>
> sub   2048g/EA8075A5 2006-02-04
> sig          98E21827 2006-02-04  Rick Hillegas <rhillegas@apache.org>
>
> -----BEGIN PGP PUBLIC KEY BLOCK----
>
> ...
>
>


Mime
View raw message