Hi Bhargav, Thanks for trying this out. I'm replying on dev, because others may also want to know.
Basically, how this works is that you need to load MY public key (or, more formally, the public key of the Isis release manager) into your computer's keystore. Then, when you download the .zip file and the corresponding .asc file, if it verifies, then you know that the artifact is the one that I created (was signed by me, using my private key). So, you don't generate a public key or anything, you need to import my public key from wherever I tell you that you can get it. What's missing from the documentation, I realise, is this last, crucial piece of information. In fact, Isis does what most if not all Apache projects do, which is to store the public keys in the trunk; but we didn't say so. Anyway, I've updated [1], which now explains where to get the keys and how to import them. So, have a read of that, and do try again. Cheers Dan [1] http://isis.apache.org/contributors/verifying-releases.html On 27 May 2013 16:12, Bhargav Golla <[email protected]> wrote: > Hi Dan > > I am new to testing releases. I am trying to follow the link you shared > where it is explained about how I can check releases. But I am getting a > "gpg: Can't check signature: public key not found". I have tried generating > Public Key as shown in this page ( > https://cwiki.apache.org/ISIS/generatingpgpkeys.html). But I am still > getting the same error. I think I am supposed to use a gpgkey that is > already available. Could you help me here? > > Thanks > Bhargav Golla > Developer. Freelancer. > B.E (Hons.) Computer Science > BITS-Pilani > Github <http://www.github.com/bhargavgolla> | > LinkedIN<http://www.linkedin.com/in/bhargavgolla> > | Website <http://www.bhargavgolla.com/> >
