Hi Jon Thanks for taking a try on the RC.
I think Stack signed it and that is what I added in the RC. Anyway today I will try to create the release and before that will ensure that the signing is done correctly. Regards Ram > -----Original Message----- > From: Jonathan Hsieh [mailto:[email protected]] > Sent: Wednesday, March 14, 2012 11:20 PM > To: [email protected] > Subject: Re: ANN:0.90.6 RC5 available for download > > Sorry about my ignorance about this -- I'm new to the gpg tools. I > missed > stack's key when I checked in the asc file. I just ran thought the > steps I > could gather and here's what I get. I'm not completely sure but I > believe > there is still something not quite right with this (same WARNING on > stack's > and ram's signature). > > Am I doing something wrong? (or just worrying too much..) > > ---- > [jon@c0309 dist]$ curl > http://svn.apache.org/viewvc/hbase/dist/KEYS?view=co> KEYS > [jon@c0309 dist]$ gpg --import KEYS > gpg: key 30CD0996: public key "Michael Stack <[email protected]>" > imported > gpg: key 945D66AF: public key "Jean-Daniel Cryans (ASF key) < > [email protected]>" imported > gpg: key D34B98D6: public key "Michael Stack <[email protected]>" > imported > gpg: key AEC77EAF: public key "Todd Lipcon <[email protected]>" > imported > gpg: Total number processed: 4 > gpg: imported: 4 (RSA: 2) > [jon@c0309 dist]$ gpg --verify hbase-0.90.6.tar.gz.asc.1 > hbase-0.90.6-rc5.tar.gz > gpg: Signature made Fri 02 Mar 2012 10:40:13 AM PST using RSA key ID > 30CD0996 > gpg: Good signature from "Michael Stack <[email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 686E 5EDF 04A4 8305 5416 0910 DF0F 5BBC 30CD > 0996 > gpg: Signature made Fri 02 Mar 2012 09:40:28 AM PST using RSA key ID > 867B57B8 > gpg: Good signature from "Ramkrishna S Vasudevan (for code checkin) < > [email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 7405 BB74 016B E7D0 7B25 15E3 A1AB D56E 867B > 57B8 > [jon@c0309 dist]$ > [jon@c0309 dist]$ # this is stack's > [jon@c0309 dist]$ gpg --fingerprint 30cd0996 > pub 2048R/30CD0996 2010-05-03 > Key fingerprint = 686E 5EDF 04A4 8305 5416 0910 DF0F 5BBC 30CD > 0996 > uid Michael Stack <[email protected]> > sub 2048R/00A5F21E 2010-05-03 > --- > > Jon. > > > On Wed, Mar 14, 2012 at 10:06 AM, Stack <[email protected]> wrote: > > > On Wed, Mar 14, 2012 at 9:21 AM, Jonathan Hsieh <[email protected]> > wrote: > > > We need get the gpg signature fixed since you aren't in the web of > trust > > > yet. We need to add stack's and I'd like to add mine once my keys > get > > > added to the web of trust (folks are a little more accessible > here). > > > > > > > I thought I signed it. > > > > if not, can check the bits and sign before release. > > > > Thanks for taking her for a spin Jon. > > St.Ack > > > > > > -- > // Jonathan Hsieh (shay) > // Software Engineer, Cloudera > // [email protected]
