Re: [VOTE] Relase Apache APISIX Python Plugin Runner 0.1.0

Fri, 27 Aug 2021 00:28:30 -0700 

I got:
gpg --verify apisix-python-plugin-runner-0.1.0-src.tgz.asc
gpg: assuming signed data in 'apisix-python-plugin-runner-0.1.0-src.tgz'
gpg: Signature made 2021年08月26日 星期四 20时00分35秒 CST
gpg:                using RSA key 147CD2ABFA330EC56E4BABF927263EFDC64AACA1
gpg: Good signature from "JinChao Shuai <shuaijinc...@apache.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 147C D2AB FA33 0EC5 6E4B  ABF9 2726 3EFD C64A ACA1

Look like we need to trust the new key: https://serverfault.com/a/569923

JinChao Shuai <shuaijinc...@apache.org> 于2021年8月27日周五 下午1:17写道:
>
> 2. Checksums and signatures steps
> The KEYS file download address is from
> wget https://dist.apache.org/repos/dist/release/apisix/KEYS
> Change to
> wget https://dist.apache.org/repos/dist/dev/apisix/KEYS
> Reload the public key via `gpg --import KEYS`, and then verify it.
>
> JinChao Shuai <shuaijinc...@apache.org> 于2021年8月27日周五 下午12:04写道:
>
> > KEYS has been updated, please download the KEYS file again, and import and
> > verify it through `gpg --import KEYS`.
> >
> > Zhiyuan Ju <juzhiy...@apache.org> 于2021年8月27日周五 上午11:17写道:
> >
> >> Hi,
> >>
> >> When I try to import KEYS and trust it, GPG tells me `No public key`, do I
> >> miss something?
> >>
> >> Best Regards!
> >> @ Zhiyuan Ju <https://github.com/juzhiyuan>
> >>
> >>
> >> Zexuan Luo <spacewan...@apache.org> 于2021年8月27日周五 上午11:13写道:
> >>
> >> > BTW, I have run "gpg --import KEYS" and confirmed that the key from
> >> > Jinchao Shuai doesn't change.
> >> >
> >> > Zexuan Luo <spacewan...@apache.org> 于2021年8月27日周五 上午11:02写道:
> >> > >
> >> > > I checked:
> >> > > - Download links are valid
> >> > > - Checksums is valid
> >> > > - LICENSE and NOTICE files
> >> > > - make setup successfully
> >> > >
> >> > > When I run "gpg --verify
> >> apisix-python-plugin-runner-0.1.0-src.tgz.asc",
> >> > I got:
> >> > > gpg: assuming signed data in
> >> 'apisix-python-plugin-runner-0.1.0-src.tgz'
> >> > > gpg: Signature made 2021年08月26日 星期四 20时00分35秒 CST
> >> > > gpg:                using RSA key
> >> > 147CD2ABFA330EC56E4BABF927263EFDC64AACA1
> >> > > gpg: Can't check signature: No public key
> >> > >
> >> > > Maybe I miss something?
> >> >
> >>
> >
> >
> > --
> > Thanks,
> > Janko
> >
>
>
> --
> Thanks,
> Janko

Reply via email to