On Wed, May 6, 2009 at 10:43 AM, Craig L Russell <[email protected]> wrote:
> Much better!
>
<snip/>
> [CraigRussell:~/Downloads] clr% gpg --verify commons-chain-1.2-bin.tar.gz.asc
> gpg: Signature made Tue May 5 22:13:09 2009 PDT using DSA key ID 42196CA8
> gpg: Good signature from "Christian Grobmeier (Apache Codesigning) <[email protected]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 9D23 5338 96A9 7847 0358 5B62 86E0 2C5A 4219 6CA8
>
> I'd vote for this signature being valid to sign releases. Only incubator
> releases right now, since it hasn't been signed by the Apache WOT. That can
> be fixed at a Sign-a-Thon. ;-)
>
<snap/>

I'd vote for Apache Commons releases signed by any key that's in the KEYS file (regardless of WOT status -- keysigning would be good and is encouraged, but isn't a blocker).

-Rahul

> Craig
>
> On May 5, 2009, at 11:35 PM, Christian Grobmeier wrote:
>
>>> gpg: Can't check signature: public key not found
>>> [CraigRussell:~/Downloads] clr% gpg --recv-keys 42196CA8
>>> gpg: requesting key 42196CA8 from hkp server subkeys.pgp.net
>>> gpgkeys: key 42196CA8 not found on keyserver
>>
>> Thanks, I sent it to several keyservers now :-)
>> Can you try again?
>>
>> Christian
>>
