Hi, The signatures are fine as far as I can see - other than not being in the web of trust as as the files came from a trusted location that's OK.
This is what I get: justinmclean$ gpg --verify apache-flex-sdk-pixel-bender-1.0.0-src.zip.asc gpg: Signature made Tue 7 Jan 05:53:19 2014 EST using RSA key ID DA9CCFF2 gpg: Good signature from "Alex Harui (CODE SIGNING KEY) <aha...@apache.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: E7F7 B7D4 944C AC45 7A14 C0E9 83E0 431C DA9C CFF2 Thanks, Justin
