openoffice-dev mailing list archives

From Andrea Pescetti <pesce...@apache.org>
Subject Signature verification for 4.1.3-RC1
Date Sat, 08 Oct 2016 13:08:35 GMT
This is not a blocker for the release (and moreover signature files are 
explicitly allowed to be updated during the release vote if needed), but 
I couldn't verify signatures in a straightforward way for source packages.

One of the signatures is mine; no problem with that, and that itself is 
enough to prove integrity for release approval purposes.

Patricia's one, according to my GPG, is done with a key having a short 
ID of 02703386; I couldn't find the public key in the usual places, so I 
couldn't verify this one.

Again, this is not a blocker issue since one key is enough, but public 
keys used for signing releases are expected to be found at:
http://www.apache.org/dist/openoffice/KEYS
or (secondary resource) at
https://people.apache.org/keys/committer/

The former contains my key and another key by Patricia (short ID 
A57935C5); the latter contains the same key by Patricia - it doesn't 
contain mine since I never bothered uploading it again to enforce the 
long IDs and I now see that someone decided to remove the keys that only 
had a short ID; I'll fix it later today.

Where can I find the matching public key by Patricia? It should be added 
in SVN to
https://dist.apache.org/repos/dist/release/openoffice/KEYS
which (I believe) maps to the first URL I listed. There is surely a way 
to do it without a full checkout, but I didn't check details.

Regards,
   Andrea.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
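
Added example, not part of the original message or of any Apache tooling: a Python sketch that reads the issuer key ID out of a binary (de-armored) OpenPGP v4 signature packet and checks whether that long ID is among the long IDs listed for a KEYS file. The function names, the key IDs and the sample packet are constructed for illustration; the short ID is simply the low 32 bits of the 64-bit key ID.

```python
import struct

def _subpackets(area):
    """Yield (type, data) for each subpacket in a v4 subpacket area (RFC 4880, 5.2.3.1)."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        yield area[i] & 0x7F, area[i + 1:i + length]  # mask off the "critical" bit
        i += length

def issuer_key_id(sig):
    """Return the 64-bit issuer key ID (hex) of a binary, detached v4 signature."""
    tag = sig[0]
    if tag & 0xC0 == 0x80 and tag & 3 != 3:      # old-format packet header
        ptype, hdr = (tag >> 2) & 0x0F, 1 + (1, 2, 4)[tag & 3]
    elif tag & 0xC0 == 0xC0 and sig[1] < 192:    # new-format header, one-octet length
        ptype, hdr = tag & 0x3F, 2
    else:
        raise ValueError("unsupported packet header")
    body = sig[hdr:]
    if ptype != 2 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    unhashed_at = 6 + struct.unpack(">H", body[4:6])[0]
    unhashed_len = struct.unpack(">H", body[unhashed_at:unhashed_at + 2])[0]
    unhashed = body[unhashed_at + 2:unhashed_at + 2 + unhashed_len]
    for area in (body[6:unhashed_at], unhashed):
        for stype, data in _subpackets(area):
            if stype == 16:                      # Issuer: 8-octet key ID
                return data.hex().upper()
            if stype == 33 and data[0] == 4:     # Issuer Fingerprint of a v4 key
                return data[-8:].hex().upper()   # key ID = low 64 bits of fingerprint
    raise ValueError("signature names no issuer")

def check_against_keys(sig, keys_long_ids):
    """Return (long_id, short_id, listed) for the signature's issuer."""
    long_id = issuer_key_id(sig)
    return long_id, long_id[-8:], long_id in {k.upper() for k in keys_long_ids}

def constructed_signature(key_id_hex):
    # Constructed sample: structurally valid packet, cryptographically meaningless.
    hashed = bytes.fromhex("050257f8f000")       # creation-time subpacket
    unhashed = b"\x09\x10" + bytes.fromhex(key_id_hex)
    body = (b"\x04\x00\x01\x08" + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\xab\xcd\x00\x08\xff")
    return bytes([0x88, len(body)]) + body
```

A match only tells you which public key to fetch; the signature still has to be verified with that key.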
