santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jason marshall <jdmarsh...@gmail.com>
Subject Re: Can't verify 1.4.2 signature
Date Mon, 08 Jun 2009 17:16:05 GMT
Did the KEYS file get updated?

Thanks,
Jason

On Tue, Jun 2, 2009 at 10:59 AM, Sean Mullan <Sean.Mullan@sun.com> wrote:

>  I signed it for the first time with my key but I thought I had updated the
> KEYS file. I'll look into this and get back to you.
>
> --Sean
>
>
> jason marshall wrote:
>
> As a datapoint, using the same process I am able to verify the 1.4.1
> signature.  Did the signing key get swapped out at some point without
> updating the KEYS file?
>
> Thanks,
> Jason
>
> On Mon, Jun 1, 2009 at 2:16 PM, jason marshall <jdmarshall@gmail.com>wrote:
>
>> My coworker tried to upgrade to XML Sec 1.4.2 and discovered that she
>> couldn't verify the ASC signature against the binaries.  It appears that a
>> new key is being used for signing, but didn't get added to the keyring?
>>
>> I was able to repro the same failure.  Anybody else?
>>
>> ~> gpg --verbose --verify xml-security-bin-1_4_2.zip.asc
>> gpg: armor header: Version: GnuPG v2.0.9 (SunOS)
>> gpg: assuming signed data in `xml-security-bin-1_4_2.zip'
>> gpg: Signature made Mon 23 Jun 2008 01:09:20 PM PDT using DSA key ID
>> A74A32FC
>> gpg: Can't check signature: public key not found
>>
>>
>> Thanks,
>> Jason
>>
>>
>
>
> --
> - Jason
>
>
>


-- 
- Jason

Mime
View raw message