santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Can't verify 1.4.2 signature
Date Tue, 02 Jun 2009 17:59:39 GMT
I signed it for the first time with my key but I thought I had updated 
the KEYS file. I'll look into this and get back to you.

--Sean

jason marshall wrote:
> As a datapoint, using the same process I am able to verify the 1.4.1 
> signature.  Did the signing key get swapped out at some point without 
> updating the KEYS file?
>
> Thanks,
> Jason
>
> On Mon, Jun 1, 2009 at 2:16 PM, jason marshall <jdmarshall@gmail.com 
> <mailto:jdmarshall@gmail.com>> wrote:
>
>     My coworker tried to upgrade to XML Sec 1.4.2 and discovered that
>     she couldn't verify the ASC signature against the binaries.  It
>     appears that a new key is being used for signing, but didn't get
>     added to the keyring?
>
>     I was able to repro the same failure.  Anybody else?
>
>     ~> gpg --verbose --verify xml-security-bin-1_4_2.zip.asc
>     gpg: armor header: Version: GnuPG v2.0.9 (SunOS)
>     gpg: assuming signed data in `xml-security-bin-1_4_2.zip'
>     gpg: Signature made Mon 23 Jun 2008 01:09:20 PM PDT using DSA key
>     ID A74A32FC
>     gpg: Can't check signature: public key not found
>
>
>     Thanks,
>     Jason
>
>
>
>
> -- 
> - Jason


Mime
View raw message