Please provide an authoritative ASF location of the public key to use for checking the signature. It would be something like a continuously verified key on this list: <https://people.apache.org/keys/committer/>. (This establishes both the name of the ASF committer who possesses the signature and that the key has not been revoked.)
How will that be made known to reviewers and downloaders of the Release Candidate? - Dennis ----- Failure Output ----- Microsoft Windows [Version 10.0.10240] (c) 2015 Microsoft Corporation. All rights reserved. C:\Program Files (x86)\GNU\GnuPG>gpg2 d:\Apache\corinthia\rc\incubator-corinthia _release_0.1.zip.asc gpg: Signature made 08/14/15 02:51:06 Pacific Daylight Time using RSA key ID 577 E7412 gpg: Can't check signature: No public key C:\Program Files (x86)\GNU\GnuPG>
