Myself and Nikita just created new keys to address the issue with SHA1 sig. Did we mess something up?

> On Aug 22, 2024, at 10:08 AM, John Huss <johnth...@gmail.com> wrote:
>
> The KEYS file seems to be missing the fingerprint for the key that signed
> these binaries.
>
> Missing fingerprint: B898 C51C 5FD4 0C64 6AF1 BA49 1E56 A374 F7FA 8357
>
> > wget -q http://www.apache.org/dist/cayenne/KEYS
>
> > gpg --import KEYS
>
> > find . -name '*.asc' -exec gpg --verify '{}' ';'
> > gpg: assuming signed data in './cayenne-5.0-M1-src.tar.gz'
> > gpg: Signature made Wed Aug 21 03:13:52 2024 CDT
> > gpg: using RSA key *B898C51C5FD40C646AF1BA491E56A374F7FA8357*
> > gpg: *Can't check signature: No public key*
> > gpg: assuming signed data in './cayenne-5.0-M1-macosx.dmg'
> > gpg: Signature made Wed Aug 21 03:13:52 2024 CDT
> > gpg: using RSA key B898C51C5FD40C646AF1BA491E56A374F7FA8357
> > gpg: Can't check signature: No public key
> > gpg: assuming signed data in './cayenne-5.0-M1-win.zip'
> > gpg: Signature made Wed Aug 21 03:13:53 2024 CDT
> > gpg: using RSA key B898C51C5FD40C646AF1BA491E56A374F7FA8357
> > gpg: Can't check signature: No public key
> > gpg: assuming signed data in './cayenne-5.0-M1.tar.gz'
> > gpg: Signature made Wed Aug 21 03:13:52 2024 CDT
> > gpg: using RSA key B898C51C5FD40C646AF1BA491E56A374F7FA8357
> > gpg: Can't check signature: No public key
>
>
> On Wed, Aug 21, 2024 at 3:39 AM Nikita Timofeev <ntimof...@objectstyle.com>
> wrote:
>
>> Hi all,
>>
>> Here is the first milestone release of 5.0.
>> It's primarily focusing on dropping and refactoring older stuff (no more
>> ROP), but has some nice features too.
>> Overall it contains 116 issues in Jira.
>>
>> Release notes:
>> https://github.com/apache/cayenne/blob/5.0-M1/RELEASE-NOTES.txt
>> Maven repo:
>> https://repository.apache.org/content/repositories/orgapachecayenne-1057/
>> Assemblies: https://dist.apache.org/repos/dist/dev/cayenne/5.0-M1/
>>
>> Please evaluate and cast your votes
>>
>> --
>> Best regards,
>> Nikita Timofeev
>>
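
An added example, not part of the original thread or of Cayenne's release tooling: a small check that reads `gpg --verify` output in the format quoted above and reports which signing-key fingerprints are absent from a list of fingerprints taken from KEYS. The function names, the second sample artifact and the KEYS fingerprint list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first block follows the output quoted in the thread,
# the second block (file name, key, signer) is made up for contrast.
SAMPLE_OUTPUT = """\
gpg: assuming signed data in './cayenne-5.0-M1-src.tar.gz'
gpg: Signature made Wed Aug 21 03:13:52 2024 CDT
gpg:                using RSA key *B898C51C5FD40C646AF1BA491E56A374F7FA8357*
gpg: *Can't check signature: No public key*
gpg: assuming signed data in './example-artifact.tar.gz'
gpg: Signature made Wed Aug 21 03:13:52 2024 CDT
gpg:                using RSA key 0123456789ABCDEF0123456789ABCDEF01234567
gpg: Good signature from "Example Signer <signer@example.invalid>"
"""

# Constructed placeholder for the fingerprints published in a KEYS file,
# written in the spaced form that `gpg --fingerprint` prints.
KEYS_FINGERPRINTS = ["0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"]


def normalize(fpr):
    """Strip spaces and mail-client emphasis marks; compare in upper case."""
    return re.sub(r"[\s*]", "", fpr).upper()


def missing_signers(gpg_output, keys_fingerprints):
    """Map each signing fingerprint not listed in KEYS to the files it signed."""
    known = {normalize(f) for f in keys_fingerprints}
    missing = defaultdict(list)
    current_file = signer = None
    for line in gpg_output.splitlines():
        if m := re.search(r"assuming signed data in '(.+)'", line):
            current_file, signer = m.group(1), None
        elif m := re.search(r"using \w+ key \*?([0-9A-Fa-f]{16,64})\*?", line):
            signer = normalize(m.group(1))
        elif "No public key" in line and signer and signer not in known:
            missing[signer].append(current_file)
    return dict(missing)


if __name__ == "__main__":
    for fpr, files in missing_signers(SAMPLE_OUTPUT, KEYS_FINGERPRINTS).items():
        print(f"{fpr} not in KEYS; cannot verify: {', '.join(files)}")
```
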