On Mon, Aug 24, 2009 at 10:57 PM, Wendy Smoak <[email protected]> wrote:
> On Mon, Aug 24, 2009 at 3:46 AM, Marica Tan<[email protected]> wrote: > > Continuum 1.3.4 has been staged and includes fixes for 54 issues. > > > > The binaries, sources, checksums, signatures and staging repo can be > found > > here: > > http://vmbuild.apache.org/archiva/repository/staged-continuum > > I'm having trouble checking the signatures on the jetty bundle. I get: > > imbrium:continuum-1.3.4 wsmoak$ gpg -v continuum-jetty-1.3.4-bin.tar.gz.asc > gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux) > gpg: assuming signed data in `continuum-jetty-1.3.4-bin.tar.gz' > gpg: Signature made Mon Aug 24 02:23:54 2009 MST using DSA key ID BCCEFD69 > gpg: Can't check signature: public key not found > > I have imported the Continuum KEYS file previously, your key is in > there and hasn't changed: > > imbrium:continuum-1.3.4 wsmoak$ gpg --import ~/svn/continuum/project/KEYS > gpg: key B4372146: "Olivier Lamy <[email protected]>" not changed > gpg: key 512AC8E7: "Maria Catherine Tan <[email protected]>" not changed > gpg: Total number processed: 2 > gpg: unchanged: 2 > > Was there anything different about the way you signed this release or > do you see what I'm doing wrong? > I used a different machine for this release. Could that be the cause? I'm getting a bad signature :( > > Thanks, > -- > Wendy > Do you think I need to redo the release? Thanks -- Marica
