santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Can't verify 1.4.2 signature
Date Mon, 08 Jun 2009 18:43:52 GMT
Which KEYS file are you using? Try: http://santuario.apache.org/dist/

I still need to update http://www.apache.org/dist/xml/security/KEYS

--Sean

jason marshall wrote:
> Did the KEYS file get updated?
> 
> Thanks,
> Jason
> 
> On Tue, Jun 2, 2009 at 10:59 AM, Sean Mullan <Sean.Mullan@sun.com 
> <mailto:Sean.Mullan@sun.com>> wrote:
> 
>     I signed it for the first time with my key but I thought I had
>     updated the KEYS file. I'll look into this and get back to you.
> 
>     --Sean
> 
> 
>     jason marshall wrote:
>>     As a datapoint, using the same process I am able to verify the
>>     1.4.1 signature.  Did the signing key get swapped out at some
>>     point without updating the KEYS file?
>>
>>     Thanks,
>>     Jason
>>
>>     On Mon, Jun 1, 2009 at 2:16 PM, jason marshall
>>     <jdmarshall@gmail.com <mailto:jdmarshall@gmail.com>> wrote:
>>
>>         My coworker tried to upgrade to XML Sec 1.4.2 and discovered
>>         that she couldn't verify the ASC signature against the
>>         binaries.  It appears that a new key is being used for
>>         signing, but didn't get added to the keyring?
>>
>>         I was able to repro the same failure.  Anybody else?
>>
>>         ~> gpg --verbose --verify xml-security-bin-1_4_2.zip.asc
>>         gpg: armor header: Version: GnuPG v2.0.9 (SunOS)
>>         gpg: assuming signed data in `xml-security-bin-1_4_2.zip'
>>         gpg: Signature made Mon 23 Jun 2008 01:09:20 PM PDT using DSA
>>         key ID A74A32FC
>>         gpg: Can't check signature: public key not found
>>
>>
>>         Thanks,
>>         Jason
>>
>>
>>
>>
>>     -- 
>>     - Jason
> 
> 
> 
> 
> -- 
> - Jason


Mime
View raw message