I've definitely had problems with gpg :) Will double-check/fix the lang 2.0.
Hen On Tue, 13 Jul 2004, Gary Gregory wrote: > I am going through the steps [1] to release Commons-Codec 1.3 and I am > wondering at how strictly other components have been following the rules > WRT signing. > > In particular, in step 8 "Verify signatures.", I get the same results as > for my local copy of codec 1.3 as for lang 2.0 when I do the following: > > # gpg --verify commons-lang-2.0.tar.gz.asc commons-lang-2.0.tar.gz > gpg: Signature made Mon 01 Sep 2003 06:34:22 PM PDT using DSA key ID > 61F3E6B3 > gpg: Good signature from "Henri Yandell (For signing Apache > distributions) " > gpg: checking the trustdb > gpg: no ultimately trusted keys found > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: CEF6 F51A E081 BA36 7763 52F2 5094 C55A 61F3 > E6B3 > > So, is this good enough even with the WARNING? > > Thanks, > Gary > > [1] http://jakarta.apache.org/commons/releases/release.html > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
