tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: [VOTE] Release Apache Tomcat 7.0.22
Date Thu, 29 Sep 2011 16:56:55 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 29/09/2011 12:17, Christopher Schultz wrote:
> Mark,
> 
> On 9/29/2011 8:09 AM, Mark Thomas wrote:
>> On 28/09/2011 14:43, Christopher Schultz wrote:
>>> Mark,
>> 
>>> On 9/27/2011 5:36 PM, Mark Thomas wrote:
>>>> The proposed Apache Tomcat 7.0.22 release is now available
>>>> for voting.
>>>> 
>>>> It can be obtained from: 
>>>> http://people.apache.org/~markt/dev/tomcat-7/v7.0.22/ The svn
>>>> tag is: 
>>>> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_22/
>>>>
>>>>
>>>>
>>
>>>> 
The proposed 7.0.21 release is:
>>>> 
>>>> [ ] Broken - do not release [ ] Beta   - go ahead and release
>>>> as 7.0.22 Beta [X] Stable - go ahead and release as 7.0.22
>>>> Stable
>> 
>>> + MD5 sums match. - GPG verifies with a key that Mark appears
>>> to use for nothing else, no key signers :(
>> 
>> Huh?
>> 
>> $ gpg --verify catalina-jmx-remote.jar.asc
>> catalina-jmx-remote.jar gpg: Signature made Tue 27 Sep 16:47:07
>> 2011 EDT using RSA key ID 2F6059E7 gpg: Good signature from "Mark
>> E D Thomas <markt@apache.org>"
> 
> Running --verify wasn't the problem (it verifies). I was talking
> about other people signing your GPG key.

The --verify was to show which key I used to sign the binaries.

> It was also distinct from the other key I had for you (0x33C60243)
> so I wasn't sure why there were two. Some ASF folks have two, one
> clearly marked (CODE SIGNING KEY)... it just appears you haven't
> done the same.

See http://people.apache.org/~markt/TRANSITION.asc

I use one key for everything.

> Weird... I got no signers when I first obtained your key. Updating
> the key shows 28 signatures so maybe I was on crack at the time. Or
> now.
> 
>> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x10C01C5A2F6059E7
>>
>>
>> 
That key is very firmly in the ASF web of trust.
>> 
>> It is also in the KEYS file.
> 
> Yup, all is well.

np

Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOhKNWAAoJEBDAHFovYFnnRRMP/0XhOEToihEn0emgnhhY6yon
FbnaT9E2cL8t/xcArKb36kWoftjtZOemk2bpBK6+dEM9bzserwLHv+pSF+okyxva
InZ7owFvjcsLabNEWyYOGNjMPLPB3tD5otarF0D9EKA0zr09JJWUGdU0twUvswcj
uO6fC3cmWd32mPteU6ZaDd1g6wyrXEyIa0o2F+RR0DugEQ2obCaP0pGdax0v54lV
BP2EzLtp2TYyj467x9mM8Sae7FJ5iEEcxwwbBxoA5F7DuqG2ZOHqgtxg/nvKGXZk
Jy8nMxt+YuoGbMNzH+tjdmYeDdpcm2oDzOhKDr4aR1ViImKTlv2jMY1XiE1L8THX
1RLSe6WXlEDhm7z1ExX1Fm968D6B1gPJ6OyWoAZZFPc5jiy3gIxIaouID8ZR7yLY
juY0GcSH+FsgGOnKmL5kWhWnF+18PR/XwEe6vVcmTysuEr1xWUsVoqdMky4ho2Em
ldiM8ekSsb8Nk8eaFVS2UBCHVGdu/31zoxQlAHXIHiXPhx2TtttQ5iQrzzTafD24
kGpLacVkdczLsT5n7FUpY5CIdYf6LeNQZM/HSkW+Bp1vfhdA471ovaNxghwOPU4B
RlaPctkuXFLCcYOor7AYjymlgTxTWK68lzj24Q1LYkK68meM55lVeZ1N5ERZ+pkD
GEhJqw/FLEGMgY/TyDSY
=mb+O
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message