On 12/27/06, Craig McClanahan <[EMAIL PROTECTED]> wrote:
The md5 and sha1 checksums are fine. When I try to verify the signature,
though:
gpg --verify shale-master-2.pom.asc shale-master-2.pom
I get the "Can't check signature: public key not found" error. I see that
your key is available (at least) on the MIT keyserver ... what's the magic
incantation for using such a key (without adding it to my web of trust yet
... we should probably start doing key exchanges at events like ApacheCons)?
I think it's: gpg --import <file>
Rahul, please add your key to http://www.apache.org/dist/shale/KEYS
(which should be in svn somewhere, but I don't see it.)
--
Wendy
