Ok, I did use pgp.mit.edu wrongly. Now I found the key by other means. Olaf
> Am 07.02.2016 um 08:15 schrieb Evans Ye <[email protected]>: > > Hi Olaf, did you get the key from keyserver? > > $ gpg --verify bigtop-1.1.0-project.tar.gz.asc bigtop-1.1.0-project.tar.gz > gpg: Signature made Sun Jan 31 12:09:46 2016 CST using DSA key ID CB588E12 > gpg: Can't check signature: public key not found > > $ gpg --keyserver pgpkeys.mit.edu --recv-key CB588E12 # Took a while to > finish > > $ gpg --verify bigtop-1.1.0-project.tar.gz.asc bigtop-1.1.0-project.tar.gz > gpg: Signature made Sun Jan 31 12:09:46 2016 CST using DSA key ID CB588E12 > gpg: Good signature from "Konstantin I Boudnik (Cos) <[email protected]>" > gpg: aka "Konstantin I Boudnik (Cos) <[email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 2CAC 8312 4870 D885 8616 6115 220F 6980 1F27 E622 > Subkey fingerprint: 88C5 8332 D1A9 6A83 F9B3 2776 7A7C 8596 CB58 8E12 > > > 2016-02-05 17:01 GMT+08:00 Olaf Flebbe <[email protected]>: > >> hi, >> >> the signature file is made with a key CB588E12 , not contained in KEYS. >> Or missed I something important? >> >> Olaf >> >>> Am 31.01.2016 um 05:35 schrieb Konstantin Boudnik <[email protected]>: >>> >>> This is the vote for release 1.1.0 of Apache Bigtop. >>> >>> It fixes the following issues: >>> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311420&version=12329714 >>> >>> The vote will be going for at least 72 hours and will be closed on >> Wednesday, >>> February 3rd, 2016 at noon PDT. Please download, test and vote with >>> >>> [ ] +1, accept rc1 as the official 1.1.0 release of Apache Bigtop >>> [ ] +0, I don't care either way, >>> [ ] -1, do not accept rc1 as the official 1.1.0 release of Apache >> Bigtop, because... >>> >>> Source and binary files: >>> https://dist.apache.org/repos/dist/dev/bigtop/1.1.0-rc1 >>> >>> Maven staging repo: >>> https://repository.apache.org/content/repositories/orgapachebigtop-1006 >>> >>> The git tag to be voted upon is release-1.1.0 >>> >>> Bigtop's KEYS file containing PGP keys we use to sign the release: >>> https://dist.apache.org/repos/dist/release/bigtop/KEYS >>> >>> Thanks! >>> Cos >>
signature.asc
Description: Message signed with OpenPGP using GPGMail
