openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wsmoak <>
Subject Re: [VOTE] Approve OpenJPA 1.1.0 release
Date Wed, 28 May 2008 14:45:42 GMT

Craig L Russell wrote:
> Sounds like your info is out of date by a couple of days.
> I signed Patrick's key a few days ago.

(Signed keys are a good thing, though it doesn't look like that has
propagated yet.  Not sure how that happens.)

The main issue that Henk raised [1] is inconsistent signatures-- the .asc
file does not match the .jar file for those eight artifacts.  For example:

$ gpg --verify openjpa-jdbc-1.1.0.jar.asc openjpa-jdbc-1.1.0.jar
gpg: Signature made Tue May 20 02:22:19 2008 UTC using DSA key ID 513CA0DC
gpg: BAD signature from "Patrick Linskey (CODE SIGNING KEY)

It usually means the file changed after it was signed.  Given that the
release was re-done, is it possible something happened then?  (I do see the
other vote thread now that I look, thanks for the info... Google didn't send
me an alert. :/ )


View this message in context:
Sent from the OpenJPA Developers mailing list archive at

View raw message