I updated it in id.apache.org, which autogenerates [1], which should be the canonical source for our KEYS file. Give it a check in ~1 hour or so should be all good.
Cheers, Chris [1] https://people.apache.org/keys/group/oodt.asc On 7/23/17, 5:33 PM, "Sean Kelly" <ke...@apache.org> wrote: That did the trick. I'll be +1 if you also update the KEYS file. Transcript: fatalii 298 % date -u Mon Jul 24 00:32:49 UTC 2017 fatalii 299 % gpg --verify apache-oodt-1.1-src.zip.asc gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID 0C1E654B gpg: Good signature from "Chris Mattmann (CODE SIGNING KEY - Apr 2016) <mattm...@apache.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F434 C970 B95A 6FCA 6FB9 0C45 4EAA F8B6 0C1E 654B --k Chris Mattmann wrote: > Hey Sean I think I have a new key on my Mac – can you check? I just submitted the new > key to MIT keyserver, can you re-verify and see if that fixes it? > > Cheers, > Chris > > > > > On 7/23/17, 5:06 PM, "Sean Kelly"<ke...@apache.org> wrote: > > Hi folks: > > I realize it's already 72 hours and we have the requisite 3 +1 votes, > but I'm definitely in the -1 camp if this release was signed with the > wrong key. > > I hope it's just user error on my end. > > Take care > --k > > > *From:* Sean Kelly<ke...@apache.org> > > *Date:* 2017-07-22 at 12.54 p > > *To:* dev@oodt.apache.org > > *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2 > > Did anyone check the signature? > > > > I'm getting an unknown RSA key 0C1E654B: > > > > fatalii 278 % date -u > > Sat Jul 22 17:53:42 UTC 2017 > > fatalii 279 % gpg --verify apache-oodt-1.1-src.zip.asc > > gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID 0C1E654B > > gpg: Can't check signature: No public key > > > > --k > > > > *From:* Chris Mattmann<mattm...@apache.org> > > *Date:* 2017-07-19 at 2.01 p > > *To:* dev@oodt.apache.org > > *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2 > > Hi Folks, > > > > I have posted a 2nd release candidate for the Apache OODT 1.1 release. The > > source code is at: > > > > https://dist.apache.org/repos/dist/dev/oodt/ > > > > For more detailed information, see the included CHANGES.txt file for details on > > release contents and latest changes. The release was made using the OODT > > release process, documented on the Wiki here: > > > > https://cwiki.apache.org/confluence/display/OODT/Release+Process > > > > The release was made from the OODT 1.1 tag at: > > > > https://github.com/apache/oodt/tree/1.1/ > > > > A staged Maven repository is available at: > > > > https://repository.apache.org/content/repositories/orgapacheoodt-1013/ > > > > Please vote on releasing these packages as Apache OODT 1.1. The vote is > > open for at least the next 72 hours. > > > > Only votes from OODT PMC are binding, but folks are welcome to check the > > release candidate and voice their approval or disapproval. The vote passes > > if at least three binding +1 votes are cast. > > > > [ ] +1 Release the packages as Apache OODT 1.1 > > > > [ ] -1 Do not release the packages because... > > > > Thanks! > > > > Chris Mattmann > > > > P.S. Here is my +1. > > > > > > > > > >
