hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Todd Lipcon <t...@cloudera.com>
Subject Re: ANN:0.90.6 RC5 available for download
Date Thu, 15 Mar 2012 04:31:22 GMT
You probably want to do:
gpg --keyserver pgp.mit.edu --recv-keys 30CD0996

That wlil update Stack's keys and its signatures from the central
repo. Though you still won't have a "web of trust" unless you have
also signed a bunch of keys, I don't think. But I've signed Owen's key
3D0C92B9, and Owen has signed Stack's key 30CD0996, so I can verify
that signature.

-Todd

On Wed, Mar 14, 2012 at 10:49 AM, Jonathan Hsieh <jon@cloudera.com> wrote:
> Sorry about my ignorance about this -- I'm new to the gpg tools. I missed
> stack's key when I checked in the asc file.  I just ran thought the steps I
> could gather and  here's what I get.  I'm not completely sure but I believe
> there is still something not quite right with this (same WARNING on stack's
> and ram's signature).
>
> Am I doing something wrong? (or just worrying too much..)
>
> ----
> [jon@c0309 dist]$ curl
> http://svn.apache.org/viewvc/hbase/dist/KEYS?view=co> KEYS
> [jon@c0309 dist]$ gpg --import KEYS
> gpg: key 30CD0996: public key "Michael Stack <stack@duboce.net>" imported
> gpg: key 945D66AF: public key "Jean-Daniel Cryans (ASF key) <
> jdcryans@apache.org>" imported
> gpg: key D34B98D6: public key "Michael Stack <stack@apache.org>" imported
> gpg: key AEC77EAF: public key "Todd Lipcon <tlipcon@mercea.net>" imported
> gpg: Total number processed: 4
> gpg:               imported: 4  (RSA: 2)
> [jon@c0309 dist]$ gpg --verify hbase-0.90.6.tar.gz.asc.1
> hbase-0.90.6-rc5.tar.gz
> gpg: Signature made Fri 02 Mar 2012 10:40:13 AM PST using RSA key ID
> 30CD0996
> gpg: Good signature from "Michael Stack <stack@duboce.net>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 686E 5EDF 04A4 8305 5416  0910 DF0F 5BBC 30CD 0996
> gpg: Signature made Fri 02 Mar 2012 09:40:28 AM PST using RSA key ID
> 867B57B8
> gpg: Good signature from "Ramkrishna S Vasudevan (for code checkin) <
> ram_krish_86@hotmail.com>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 7405 BB74 016B E7D0 7B25  15E3 A1AB D56E 867B 57B8
> [jon@c0309 dist]$
> [jon@c0309 dist]$  # this is stack's
> [jon@c0309 dist]$ gpg --fingerprint 30cd0996
> pub   2048R/30CD0996 2010-05-03
>      Key fingerprint = 686E 5EDF 04A4 8305 5416  0910 DF0F 5BBC 30CD 0996
> uid                  Michael Stack <stack@duboce.net>
> sub   2048R/00A5F21E 2010-05-03
> ---
>
> Jon.
>
>
> On Wed, Mar 14, 2012 at 10:06 AM, Stack <stack@duboce.net> wrote:
>
>> On Wed, Mar 14, 2012 at 9:21 AM, Jonathan Hsieh <jon@cloudera.com> wrote:
>> > We need get the gpg signature fixed since you aren't in the web of trust
>> > yet.  We need to add stack's and I'd like to add mine once my keys get
>> > added to the web of trust (folks are a little more accessible here).
>> >
>>
>> I thought I signed it.
>>
>> if not, can check the bits and sign before release.
>>
>> Thanks for taking her for a spin Jon.
>> St.Ack
>>
>
>
>
> --
> // Jonathan Hsieh (shay)
> // Software Engineer, Cloudera
> // jon@cloudera.com



-- 
Todd Lipcon
Software Engineer, Cloudera

Mime
View raw message