openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: Signature verification for 4.1.3-RC1
Date Sun, 09 Oct 2016 17:12:12 GMT
We should ensure that AOO people join the keysignings @ ApacheCon
> On Oct 8, 2016, at 9:08 AM, Andrea Pescetti <> wrote:
> This is not a blocker for the release (and moreover signature files are explicitly allowed
to be updated during the release vote if needed), but I couldn't verify signatures in a straightforward
way for source packages.
> One of the signatures is mine; no problem with that, and that itself is enough to prove
integrity for release approval purposes.
> Patricia's one, according to my GPG, is done with a key having a short ID of 02703386;
I couldn't find the public key in the usual places, so I couldn't verify this one.
> Again, this is not a blocker issue since one key is enough, but public keys used for
signing releases are expected to be found at:
> or (secondary resource) at
> The former contains my key and another key by Patricia (short ID A57935C5); the latter
contains the same key by Patricia - it doesn't contain mine since I never bothered uploading
it again to enforce the long IDs and I now see that someone decided to remove the keys that
only had a short ID, I'll fix it later today.
> Where can I find the matching public key by Patricia? It should be added in SVN to
> which (I believe) maps to the first URL I listed. There is surely a way to do it without
a full checkout, but I didn't check details.
> Regards,
>  Andrea.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message