Can you re-import the gpg keys and try again? curl https://people.apache.org/keys/group/sling.asc | gpg --import -
Robert On Tue, Nov 25, 2014 at 11:38 AM, Antonio Sanso <[email protected]> wrote: > thanks Robert, > indeed I suspected was my own issue > > gpg --verify > /tmp/sling-staging/1153/org/apache/sling/org.apache.sling.resourcemerger/1.2.0/org.apache.sling.resourcemerger-1.2.0-javadoc.jar{.asc,} > gpg: Signature made Mon Nov 24 23:19:19 2014 CET using DSA key ID 134B145C > gpg: Can't check signature: public key not found > > On Nov 25, 2014, at 10:19 AM, Robert Munteanu > <[email protected]<mailto:[email protected]>> wrote: > > On Tue, Nov 25, 2014 at 10:58 AM, Antonio Sanso > <[email protected]<mailto:[email protected]>> wrote: > hi justin, > > might be just me but > > /tmp/sling-staging/1153/org/apache/sling/org.apache.sling.resourcemerger/1.2.0/org.apache.sling.resourcemerger-1.2.0-javadoc.jar > gpg: BAD!!!!!!!! > md5 : GOOD (74ba33d337a60fdfbbe368aab5f280b6) > sha1 : GOOD (c4e0d06786a787b4da319f64f185fdb36d096009) > > it looks like there is some issue with the gpg … :S > It might be worth if other can also test… > > For me the GPG check passes. > > /tmp/sling-staging/1153/org/apache/sling/org.apache.sling.resourcemerger/1.2.0/org.apache.sling.resourcemerger-1.2.0-javadoc.jar > gpg: GOOD > md5 : GOOD (74ba33d337a60fdfbbe368aab5f280b6) > sha1 : GOOD (c4e0d06786a787b4da319f64f185fdb36d096009) > > Can you check the result of running > > gpg --verify > /tmp/sling-staging/1153/org/apache/sling/org.apache.sling.resourcemerger/1.2.0/org.apache.sling.resourcemerger-1.2.0-javadoc.jar{.asc,} > > ? > > For me it's > > gpg: Signature made Tue 25 Nov 2014 12:19:19 AM EET using DSA key ID 134B145C > gpg: Good signature from "Justin Edelson (CODE SIGNING KEY) > <[email protected]<mailto:[email protected]>>" [unknown] > gpg: aka "Justin Edelson > <[email protected]<mailto:[email protected]>>" [unknown] > gpg: aka "Justin Edelson > <[email protected]<mailto:[email protected]>>" [unknown] > gpg: aka "Justin Edelson > <[email protected]<mailto:[email protected]>>" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: A04B C4AD 3639 6AD5 A52C 8FE1 87DB F05A 134B 145C > > Robert > > > > regards > > antonio > > > On Nov 24, 2014, at 11:36 PM, Justin Edelson > <[email protected]<mailto:[email protected]><mailto:[email protected]>> > wrote: > > Hi, > > We solved 5 issues in this release: > https://issues.apache.org/jira/browse/SLING/fixforversion/12326552 > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-1153/ > > You can use this UNIX script to download the release and verify the > signatures: > http://svn.apache.org/repos/asf/sling/trunk/check_staged_release.sh > > Usage: > sh check_staged_release.sh 1153 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > > > > -- > Sent from my (old) computer > -- Sent from my (old) computer
