Signratures are good here as well after gpg --import KEYS. +1 (non-binding)
Regards Julian On Tue, Nov 25, 2014 at 10:19 AM, Robert Munteanu <[email protected]> wrote: > On Tue, Nov 25, 2014 at 10:58 AM, Antonio Sanso <[email protected]> wrote: >> hi justin, >> >> might be just me but >> >> /tmp/sling-staging/1153/org/apache/sling/org.apache.sling.resourcemerger/1.2.0/org.apache.sling.resourcemerger-1.2.0-javadoc.jar >> gpg: BAD!!!!!!!! >> md5 : GOOD (74ba33d337a60fdfbbe368aab5f280b6) >> sha1 : GOOD (c4e0d06786a787b4da319f64f185fdb36d096009) >> >> it looks like there is some issue with the gpg … :S >> It might be worth if other can also test… > > For me the GPG check passes. > > /tmp/sling-staging/1153/org/apache/sling/org.apache.sling.resourcemerger/1.2.0/org.apache.sling.resourcemerger-1.2.0-javadoc.jar > gpg: GOOD > md5 : GOOD (74ba33d337a60fdfbbe368aab5f280b6) > sha1 : GOOD (c4e0d06786a787b4da319f64f185fdb36d096009) > > Can you check the result of running > > gpg --verify > /tmp/sling-staging/1153/org/apache/sling/org.apache.sling.resourcemerger/1.2.0/org.apache.sling.resourcemerger-1.2.0-javadoc.jar{.asc,} > > ? > > For me it's > > gpg: Signature made Tue 25 Nov 2014 12:19:19 AM EET using DSA key ID 134B145C > gpg: Good signature from "Justin Edelson (CODE SIGNING KEY) > <[email protected]>" [unknown] > gpg: aka "Justin Edelson <[email protected]>" [unknown] > gpg: aka "Justin Edelson <[email protected]>" [unknown] > gpg: aka "Justin Edelson > <[email protected]>" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: A04B C4AD 3639 6AD5 A52C 8FE1 87DB F05A 134B 145C > > Robert > > >> >> regards >> >> antonio >> >> >> On Nov 24, 2014, at 11:36 PM, Justin Edelson >> <[email protected]<mailto:[email protected]>> wrote: >> >> Hi, >> >> We solved 5 issues in this release: >> https://issues.apache.org/jira/browse/SLING/fixforversion/12326552 >> >> Staging repository: >> https://repository.apache.org/content/repositories/orgapachesling-1153/ >> >> You can use this UNIX script to download the release and verify the >> signatures: >> http://svn.apache.org/repos/asf/sling/trunk/check_staged_release.sh >> >> Usage: >> sh check_staged_release.sh 1153 /tmp/sling-staging >> >> Please vote to approve this release: >> >> [ ] +1 Approve the release >> [ ] 0 Don't care >> [ ] -1 Don't release, because ... >> >> This majority vote is open for at least 72 hours. >> > > > > -- > Sent from my (old) computer
