Ok, I had created a new subkey and hadn't pushed it to the servers or the KEYS file. If you import the ORC KEYS file now, it should check out. The new subkey (75EBAAECF7A297FF22E8C18DD19EB09DAD1C5877) still uses the same master key (47660BC98BC433F01E5C90581209E7F13D0C92B9).
Thanks, Owen On Thu, Apr 23, 2020 at 8:49 PM Dongjoon Hyun <[email protected]> wrote: > Hi, Owen. > > Could you check the GPG sign? I'm hitting GPG verification failure like the > following. > > # gpg --verify orc-1.5.10rc1.tar.gz.asc > gpg: assuming signed data in 'orc-1.5.10rc1.tar.gz' > gpg: Signature made Thu Apr 23 17:12:16 2020 PDT > gpg: using RSA key 75EBAAECF7A297FF22E8C18DD19EB09DAD1C5877 > gpg: Can't check signature: No public key > > > Previously, the artifacts are signed by your key > `47660BC98BC433F01E5C90581209E7F13D0C92B9`. > For this release, it seems to be changed to some unknown key which Apache > ORC KEYS doesn't include. > > Bests, > Dongjoon. > > > On Thu, Apr 23, 2020 at 5:15 PM Owen O'Malley <[email protected]> > wrote: > > > All, > > > > Should we release the following artifacts as ORC 1.5.10? > > > > tar: http://home.apache.org/~omalley/orc-1.5.10/ > > tag: https://github.com/apache/orc/releases/tag/release-1.5.10rc1 > > jiras: https://issues.apache.org/jira/projects/ORC/versions/12346912 > > > > Thanks! > > >
