On 12/27/06, Craig McClanahan <[EMAIL PROTECTED]> wrote:

The md5 and sha1 checksums are fine.  When I try to verify the signature,
though:

    gpg --verify  shale-master-2.pom.asc shale-master-2.pom

I get the "Can't check signature:  public key not found" error.  I see that
your key is available (at least) on the MIT keyserver ... what's the magic
incantation for using such a key (without adding it to my web of trust yet
... we should probably start doing key exchanges at events like ApacheCons)?

I think it's:  gpg --import <file>

Rahul, please add your key to http://www.apache.org/dist/shale/KEYS
(which should be in svn somewhere, but I don't see it.)

--
Wendy

Reply via email to