The signatures seem to be OK, but the GUI version says it's an invalid key. If I understand PGP's trust model right, this only means that the your key hasn't been signed by people I explicitly trust. So I think everything looks good.
- Tim >>> Conor MacNeill <[EMAIL PROTECTED]> 10/01/01 05:44AM >>> Timothy Shadel wrote: > Please let me know when you've found a solution as well. > > - Tim > > >>>>Chris <[EMAIL PROTECTED]> 09/28/01 10:02AM >>> >>>> > Timothy, > > You got the same problem I got. Even better, you were using the GUI and PGP > 7.0.2, and I was using the command line and PGP 6.5.8. > > Conor, I'm a little pressed for time right now to try and install GPG and > check it out, but the sig should really work on both, shouldn't it? If you > want to try and get it working on PGP as well, I'd be happy to be a guinea > pig. If you want, send to my personal email at [EMAIL PROTECTED] - I check > that more than the any list. > > - Chris OK, this is what I have found. I can verify the signature using gpg both on Win32 and Linux. Conversely, PGP always indicates the signature is bad. I tried many versions of the GUI version on Win32 and the command line version on the jakarta.apache.org server. I'm not sure why this is. Anyway I have just posted a new 1.4.1 Beta release here http://www.apache.org/dist/jakarta/jakarta-ant/release/v1.4.1b1/ I generated this on Linux rather than Win32. I have still used gpg to sign the files but pgp on jakarta.apache.org seems a lot happier with these. Can you check those files out and let me know. Thanks Conor
