Sorry about my ignorance about this -- I'm new to the gpg tools. I missed stack's key when I checked in the asc file. I just ran through the steps I could gather and here's what I get. I'm not completely sure but I believe there is still something not quite right with this (same WARNING on stack's and ram's signature).

Am I doing something wrong? (or just worrying too much..)

----
[jon@c0309 dist]$ curl http://svn.apache.org/viewvc/hbase/dist/KEYS?view=co> KEYS
[jon@c0309 dist]$ gpg --import KEYS
gpg: key 30CD0996: public key "Michael Stack <[email protected]>" imported
gpg: key 945D66AF: public key "Jean-Daniel Cryans (ASF key) < [email protected]>" imported
gpg: key D34B98D6: public key "Michael Stack <[email protected]>" imported
gpg: key AEC77EAF: public key "Todd Lipcon <[email protected]>" imported
gpg: Total number processed: 4
gpg:               imported: 4  (RSA: 2)
[jon@c0309 dist]$ gpg --verify hbase-0.90.6.tar.gz.asc.1 hbase-0.90.6-rc5.tar.gz
gpg: Signature made Fri 02 Mar 2012 10:40:13 AM PST using RSA key ID 30CD0996
gpg: Good signature from "Michael Stack <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 686E 5EDF 04A4 8305 5416 0910 DF0F 5BBC 30CD 0996
gpg: Signature made Fri 02 Mar 2012 09:40:28 AM PST using RSA key ID 867B57B8
gpg: Good signature from "Ramkrishna S Vasudevan (for code checkin) < [email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7405 BB74 016B E7D0 7B25 15E3 A1AB D56E 867B 57B8
[jon@c0309 dist]$
[jon@c0309 dist]$ # this is stack's
[jon@c0309 dist]$ gpg --fingerprint 30cd0996
pub   2048R/30CD0996 2010-05-03
      Key fingerprint = 686E 5EDF 04A4 8305 5416 0910 DF0F 5BBC 30CD 0996
uid                  Michael Stack <[email protected]>
sub   2048R/00A5F21E 2010-05-03
---

Jon.

On Wed, Mar 14, 2012 at 10:06 AM, Stack <[email protected]> wrote:

> On Wed, Mar 14, 2012 at 9:21 AM, Jonathan Hsieh <[email protected]> wrote:
> > We need to get the gpg signature fixed since you aren't in the web of trust
> > yet. We need to add stack's and I'd like to add mine once my keys get
> > added to the web of trust (folks are a little more accessible here).
> >
>
> I thought I signed it.
>
> if not, can check the bits and sign before release.
>
> Thanks for taking her for a spin Jon.
> St.Ack
>

--
// Jonathan Hsieh (shay)
// Software Engineer, Cloudera
// [email protected]
