You probably want to do:

gpg --keyserver pgp.mit.edu --recv-keys 30CD0996

That will update Stack's keys and its signatures from the central repo. Though you still won't have a "web of trust" unless you have also signed a bunch of keys, I don't think. But I've signed Owen's key 3D0C92B9, and Owen has signed Stack's key 30CD0996, so I can verify that signature.

-Todd

On Wed, Mar 14, 2012 at 10:49 AM, Jonathan Hsieh <[email protected]> wrote:
> Sorry about my ignorance about this -- I'm new to the gpg tools. I missed
> stack's key when I checked in the asc file. I just ran through the steps I
> could gather and here's what I get. I'm not completely sure but I believe
> there is still something not quite right with this (same WARNING on stack's
> and ram's signature).
>
> Am I doing something wrong? (or just worrying too much..)
>
> ----
> [jon@c0309 dist]$ curl http://svn.apache.org/viewvc/hbase/dist/KEYS?view=co> KEYS
> [jon@c0309 dist]$ gpg --import KEYS
> gpg: key 30CD0996: public key "Michael Stack <[email protected]>" imported
> gpg: key 945D66AF: public key "Jean-Daniel Cryans (ASF key) <[email protected]>" imported
> gpg: key D34B98D6: public key "Michael Stack <[email protected]>" imported
> gpg: key AEC77EAF: public key "Todd Lipcon <[email protected]>" imported
> gpg: Total number processed: 4
> gpg: imported: 4 (RSA: 2)
> [jon@c0309 dist]$ gpg --verify hbase-0.90.6.tar.gz.asc.1 hbase-0.90.6-rc5.tar.gz
> gpg: Signature made Fri 02 Mar 2012 10:40:13 AM PST using RSA key ID 30CD0996
> gpg: Good signature from "Michael Stack <[email protected]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 686E 5EDF 04A4 8305 5416 0910 DF0F 5BBC 30CD 0996
> gpg: Signature made Fri 02 Mar 2012 09:40:28 AM PST using RSA key ID 867B57B8
> gpg: Good signature from "Ramkrishna S Vasudevan (for code checkin) <[email protected]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 7405 BB74 016B E7D0 7B25 15E3 A1AB D56E 867B 57B8
> [jon@c0309 dist]$
> [jon@c0309 dist]$ # this is stack's
> [jon@c0309 dist]$ gpg --fingerprint 30cd0996
> pub 2048R/30CD0996 2010-05-03
> Key fingerprint = 686E 5EDF 04A4 8305 5416 0910 DF0F 5BBC 30CD 0996
> uid Michael Stack <[email protected]>
> sub 2048R/00A5F21E 2010-05-03
> ---
>
> Jon.
>
>
> On Wed, Mar 14, 2012 at 10:06 AM, Stack <[email protected]> wrote:
>
>> On Wed, Mar 14, 2012 at 9:21 AM, Jonathan Hsieh <[email protected]> wrote:
>> > We need get the gpg signature fixed since you aren't in the web of trust
>> > yet. We need to add stack's and I'd like to add mine once my keys get
>> > added to the web of trust (folks are a little more accessible here).
>> >
>>
>> I thought I signed it.
>>
>> if not, can check the bits and sign before release.
>>
>> Thanks for taking her for a spin Jon.
>> St.Ack
>>
>
>
>
> --
> // Jonathan Hsieh (shay)
> // Software Engineer, Cloudera
> // [email protected]

--
Todd Lipcon
Software Engineer, Cloudera
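Added example, not part of the thread or of HBase's release tooling: the "Good signature" plus WARNING output above means the signature is cryptographically valid but no trust path to the key exists, so a script can instead compare gpg's machine-readable status lines against a fingerprint confirmed out of band. The function names `classify_sig` and `sample_status` are hypothetical, and the sample status lines are constructed from the fingerprint shown in Jon's output.

```shell
#!/bin/sh
# Classify status lines from: gpg --status-fd 1 --verify SIG FILE 2>/dev/null
# $1 is a primary-key fingerprint confirmed out of band (spaces allowed).
# Prints one verdict; exit status is 0 only for "pinned".
classify_sig() (
  pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
  good=0; bad=0; match=0
  while read -r tag kw rest; do
    [ "$tag" = "[GNUPG:]" ] || continue
    case "$kw" in
      GOODSIG) good=1 ;;
      BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) bad=1 ;;
      VALIDSIG)
        # First field: fingerprint of the key that made the signature.
        # Tenth field, when present: fingerprint of its primary key.
        set -- $rest
        fpr=$1
        if [ "$#" -ge 10 ]; then shift 9; fpr=$1; fi
        if [ "$fpr" = "$pinned" ]; then match=1; fi
        ;;
      # TRUST_* lines are ignored on purpose: they describe the local
      # web of trust, which the pinned fingerprint stands in for here.
    esac
  done
  # The function body is a subshell, so exit leaves only this function.
  # Any failing signature in the file fails the whole check.
  if [ "$bad" -eq 1 ]; then echo bad; exit 1; fi
  if [ "$match" -eq 1 ]; then echo pinned; exit 0; fi
  if [ "$good" -eq 1 ]; then echo good-unpinned; exit 1; fi
  echo no-signature; exit 1
)

# Constructed sample of status output for one valid signature by a key
# with no trust path (the case that produces the WARNING in the thread).
sample_status() {
  cat <<'EOF'
[GNUPG:] GOODSIG DF0F5BBC30CD0996 Michael Stack
[GNUPG:] VALIDSIG 686E5EDF04A4830554160910DF0F5BBC30CD0996 2012-03-02 1330713613 0 4 0 1 2 00 686E5EDF04A4830554160910DF0F5BBC30CD0996
[GNUPG:] TRUST_UNDEFINED
EOF
}

sample_status | classify_sig '686E 5EDF 04A4 8305 5416 0910 DF0F 5BBC 30CD 0996'
```

The pinned fingerprint is only as good as the channel it came from; reading it from the same server as the KEYS file adds nothing.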
