I followed the steps at [0] (except that I use MacGPG). I did the same thing for your signature of mojo-parent:27 and I get the same warning message as you're getting when verifying my signature. I'm not PGP guru, but I believe this is normal as the public key is not signed by a trusted authority. If you try some other signed artifact (by someone else), I would expect that you get the same message. I always do at least.
Could someone confirm that there is no issue, please? /Anders [0] http://mojo.codehaus.org/development/performing-a-release.html#Making_GPG_Keys On Tue, Jan 11, 2011 at 22:11, Robert Scholte <rfscho...@codehaus.org>wrote: > *gpg --verify jboss-packaging-maven-plugin-2.2.jar.asc > *gpg: Signature made 01/10/11 22:45:02 using RSA key ID C66C0F69 > gpg: Good signature from "Anders Hammar (CODE SIGNING KEY) < > anders.g.ham...@gmail.com>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 2A5A B419 C0FB 38AB 767A AD2C 4B3F 4EDD C66C 0F69 > > Top verify it with one of my own releases: > *gpg --verify mojo-parent-27.pom.asc > *gpg: Signature made 10/05/10 21:54:33 using DSA key ID 763C98BF > gpg: Good signature from "Robert Scholte <rfscho...@codehaus.org>" > > Seems like you haven't done all the steps yet. > btw, why do this manually? Shouldn't this automaticly be checked with every > release? Sounds like the m-gpg-p is missing a goal... :) > > -Robert > > > Date: Tue, 11 Jan 2011 10:28:35 -0600 > > From: pg...@redhat.com > > To: dev@mojo.codehaus.org > > Subject: Re: [mojo-dev] [VOTE] Release JBoss Packaging Maven Plugin > version 2.2 > > > > > +1 > > > > Works ok for me. > > > > On 01/11/2011 01:36 AM, Anders Hammar wrote: > > > Hi, > > > > > > I'd like to release version 2.2 of the JBoss Packaging Maven Plugin. > > > > > > We solved 3 issues: > > > > http://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=11731&version=17054 > > > < > http://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=11731&version=17054 > > > > > > > > There are still a couple of issues left in JIRA: > > > > http://jira.codehaus.org/secure/IssueNavigator.jspa?reset=true&jqlQuery=project+%3D+MJBOSSPACK+AND+status+%3D+Open+ORDER+BY+priority+DESC&mode=hide > > > < > http://jira.codehaus.org/secure/IssueNavigator.jspa?reset=true&jqlQuery=project+%3D+MJBOSSPACK+AND+status+%3D+Open+ORDER+BY+priority+DESC&mode=hide > > > > > > > > Staging Repositories: > > > General: https://nexus.codehaus.org/content/groups/staging/ > > > Exclusive: > > > https://nexus.codehaus.org/content/repositories/orgcodehausmojo-021/ > > > > > > (Staging) Site: > > > http://mojo.codehaus.org/jboss-packaging-maven-plugin/ > > > > > > SCM Tag: > > > https://svn.codehaus.org/mojo/tags/jboss-packaging-maven-plugin-2.2 > > > > > > As this is my first release here at Codehaus Mojo, I'd appreciate if at > > > least one other person could do a more thorough review of the release > > > (including the GPG signatures). > > > > > > [ ] +1 > > > [ ] +0 > > > [ ] -1 > > > > > > The vote is open for 72 hours and will succeed by lazy consensus. > > > > > > > > > /Anders > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe from this list, please visit: > > > > http://xircles.codehaus.org/manage_email > > > > >
