Hi Willem, The public key has been uploaded to key server[1], if it doesn't work in your env, Could you please download the KEYS file and import it? And, next time i will generate a 4096 bit key.
[1]. https://pgp.mit.edu/pks/lookup?op=vindex&search=0x5710EE35C50AC1B1 Regards, yukon On Thu, Feb 09, 2017 at 8:50am, Willem Jiang < [email protected] [[email protected]] > wrote: Hi, I just tried to verify the artifact sign, I got these message: gpg rocketmq-test-4.0.0-incubating-sources.jar.asc gpg: Signature made Tue Feb 7 17:17:14 2017 CST using RSA key ID C50AC1B1 gpg: Can't check signature: public key not found it looks like the public key is not upload the keyserver. You can upload the key to the key server here[1]. BTW the key that yukon uses is less than 2048 bit, it's better to choose a strong one as this suggested[2] [1]https://pgp.mit.edu/ [2]https://www.apache.org/dev/openpgp.html#generate-key Willem Jiang Blog: http://willemjiang.blogspot.com (English) http://jnn.iteye.com (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tue, Feb 7, 2017 at 7:24 PM, Justin Mclean <[email protected]> wrote: > Hi, > > Please put all non vote discussion here, rather than in the vote thread, > as it makes it easier to count and review votes. > > Thanks, > Justin
