Hi Attila, Sorry that I used a wrong key to sign the artifacts. I’ll close this vote and start a new one. Thanks very much for pointing out!
William > 2023年3月16日 02:29,Attila Doroszlai <[email protected]> 写道: > > Hi William, > > Thanks for working on the RC. > >> The fingerprint of PGP key release artifacts are signed with: >> DCE2 C33D 41C6 2578 969D BAFE 37D6 ECF8 4E78 BC92 >> >> My public key to verify signatures can be found in: >> https://dist.apache.org/repos/dist/dev/ratis/KEYS > > I have imported your key from KEYS: > > $ curl -LO https://dist.apache.org/repos/dist/dev/ratis/KEYS > $ gpg --import KEYS > ... > gpg: key 37D6ECF84E78BC92: public key "William Song (For Apache > Project Release) <[email protected]>" imported > gpg: Total number processed: 11 > gpg: imported: 1 > gpg: unchanged: 10 > > But am unable to verify the signature of the tarball: > > $ gpg --verify ratis-thirdparty-1.0.4-src.tar.gz.asc > ratis-thirdparty-1.0.4-src.tar.gz > gpg: Signature made Wed 15 Mar 2023 11:13:20 AM CET > gpg: using EDDSA key 8F534410776FEDBE953CA795B5306339B3621069 > gpg: Can't check signature: No public key > > Am I missing something? > > -Attila
