On 12/27/06, Craig McClanahan <[EMAIL PROTECTED]> wrote:
The md5 and sha1 checksums are fine. When I try to verify the signature, though: gpg --verify shale-master-2.pom.asc shale-master-2.pom I get the "Can't check signature: public key not found" error. I see that your key is available (at least) on the MIT keyserver ... what's the magic incantation for using such a key (without adding it to my web of trust yet ... we should probably start doing key exchanges at events like ApacheCons)?
I think it's: gpg --import <file> Rahul, please add your key to http://www.apache.org/dist/shale/KEYS (which should be in svn somewhere, but I don't see it.) -- Wendy