Hi Kathey,
This is the same key which I used to sign 10.2.1.6, 10.2.2.0, and
10.3.1.4. The fingerprint and sig look identical and this is the sig
which is in the KEYS file. For what it's worth, this sig and I appear on
the Apache web of trust: http://people.apache.org/~henkp/trust/apache.html
Perhaps a key-signing expert could interpret this data for us.
Regards,
-Rick
Kathey Marsden wrote:
I attempted to verify the release with gpg and get:
[C:/kmarsden/projects/10.4.2.0] gpg --verify
db-derby-10.4.2.0-bin.zip.asc
gpg: Signature made 08/26/08 06:59:54 using DSA key ID 98E21827
gpg: Good signature from "Rick Hillegas <[EMAIL PROTECTED]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 8F57 86E6 ED0B D91C 1BB8 36FD 3D8B 00E1 98E2
1827
I see in the KEYS file that it doesn't look like Rick's key has been
signed by anyone.
pub 1024D/98E21827 2006-02-04
uid Rick Hillegas <[EMAIL PROTECTED]>
sig 3 98E21827 2006-02-04 Rick Hillegas <[EMAIL PROTECTED]>
sub 2048g/EA8075A5 2006-02-04
sig 98E21827 2006-02-04 Rick Hillegas <[EMAIL PROTECTED]>
-----BEGIN PGP PUBLIC KEY BLOCK----
...
