On 12/27/06, Wendy Smoak <[EMAIL PROTECTED]> wrote:
On 12/27/06, Craig McClanahan <[EMAIL PROTECTED]> wrote:
> The md5 and sha1 checksums are fine. When I try to verify the signature,
> though:
>
> gpg --verify shale-master-2.pom.asc shale-master-2.pom
>
> I get the "Can't check signature: public key not found" error. I see that
> your key is available (at least) on the MIT keyserver ... what's the magic
> incantation for using such a key (without adding it to my web of trust yet
> ... we should probably start doing key exchanges at events like ApacheCons)?
I think it's: gpg --import <file>
Rahul, please add your key to http://www.apache.org/dist/shale/KEYS
(which should be in svn somewhere, but I don't see it.)
<snip/>
Sure, will do that before sending the master pom over to the sync
repo. Thanks for the reminder (don't think we have it in SVN, will add
to your dist/ pointer above on pao).
-Rahul
--
Wendy