santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jason marshall <jdmarsh...@gmail.com>
Subject Re: Can't verify 1.4.2 signature
Date Thu, 11 Jun 2009 21:51:18 GMT
I haven't tried this out yet.  I did want to point out that the instructions
for doing the check are on

http://santuario.apache.org/download.html

and they point to the second location you list below.

On Mon, Jun 8, 2009 at 11:43 AM, Sean Mullan <Sean.Mullan@sun.com> wrote:

> Which KEYS file are you using? Try: http://santuario.apache.org/dist/
>
> I still need to update http://www.apache.org/dist/xml/security/KEYS
>
> --Sean
>
> jason marshall wrote:
>
>> Did the KEYS file get updated?
>>
>> Thanks,
>> Jason
>>
>> On Tue, Jun 2, 2009 at 10:59 AM, Sean Mullan <Sean.Mullan@sun.com<mailto:
>> Sean.Mullan@sun.com>> wrote:
>>
>>    I signed it for the first time with my key but I thought I had
>>    updated the KEYS file. I'll look into this and get back to you.
>>
>>    --Sean
>>
>>
>>    jason marshall wrote:
>>
>>>    As a datapoint, using the same process I am able to verify the
>>>    1.4.1 signature.  Did the signing key get swapped out at some
>>>    point without updating the KEYS file?
>>>
>>>    Thanks,
>>>    Jason
>>>
>>>    On Mon, Jun 1, 2009 at 2:16 PM, jason marshall
>>>    <jdmarshall@gmail.com <mailto:jdmarshall@gmail.com>> wrote:
>>>
>>>        My coworker tried to upgrade to XML Sec 1.4.2 and discovered
>>>        that she couldn't verify the ASC signature against the
>>>        binaries.  It appears that a new key is being used for
>>>        signing, but didn't get added to the keyring?
>>>
>>>        I was able to repro the same failure.  Anybody else?
>>>
>>>        ~> gpg --verbose --verify xml-security-bin-1_4_2.zip.asc
>>>        gpg: armor header: Version: GnuPG v2.0.9 (SunOS)
>>>        gpg: assuming signed data in `xml-security-bin-1_4_2.zip'
>>>        gpg: Signature made Mon 23 Jun 2008 01:09:20 PM PDT using DSA
>>>        key ID A74A32FC
>>>        gpg: Can't check signature: public key not found
>>>
>>>
>>>        Thanks,
>>>        Jason
>>>
>>>
>>>
>>>
>>>    --    - Jason
>>>
>>
>>
>>
>>
>> --
>> - Jason
>>
>
>


-- 
- Jason

Mime
View raw message