Hi Dave, Thanks for the quick reply.
Should I raise a bug to have the error message clarified from "no valid signature" to "public key for xxxxxxxxxx not found in DB project repository". Warm regards, Craig > On May 19, 2026, at 15:16, Dave Fisher <[email protected]> wrote: > >> >> On May 19, 2026, at 1:40 PM, Craig Russell <[email protected]> wrote: >> >> Hi, >> >> I'm getting an error with >> https://release-test.apache.org/report/db-jdo/jdo-3.3-SNAPSHOT-source-release/jdo-3.3-SNAPSHOT-source-release.tar.gz.asc >> >> The message is not completely understandable. [1] What does "no valid >> signature found" mean? > > Your GPG public key is not found in ATR. You need to upload your GPG public > key into ATR at https://release-test.apache.org/keys and then associate that > key with the DB committee. > > IIRC - Due to the unusual way that DB has multiple KEYS files we are going to > recommend that you start behaving like every other PMC and have a single KEYS > file. > >> >> I have verified the validity of the files: >> >> clr% gpg --verify jdo-3.3-SNAPSHOT-source-release.tar.gz.asc >> jdo-3.3-SNAPSHOT-source-release.tar.gz >> gpg: Signature made Mon May 18 18:52:55 2026 PDT >> gpg: using RSA key 4F66E2ED08DE0A8DDC4704C381ABAEA820DE9E54 >> gpg: Good signature from "Craig Laird Russell (CODE SIGNING KEY) >> <[email protected]>" [ultimate] >> >> [1] >> No valid signature found >> Verified No >> Error No valid signature found >> Error Kind missing_signature >> (Debug) Key Id 81abaea820de9e54 >> (Debug) Fingerprint Not available >> (Debug) Pubkey Fingerprint Not available >> (Debug) Creation Date 1779155575 >> (Debug) Timestamp 1779155575 >> (Debug) Username Not available >> (Debug) Status No valid signature found >> (Debug) Valid No >> (Debug) Trust Level Not available >> (Debug) Trust Text Not available >> (Debug) Stderr Not available >> (Debug) Num Committee Keys 0 >> (Debug) Key Has Apache Uid No >> (Debug) Hash Algorithm SHA512 >> (Debug) Signature Type binary >> (Debug) Public Key Algorithm rsa >> >> >> Craig L Russell >> [email protected] >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> <mailto:[email protected]> >> For additional commands, e-mail: [email protected] >> <mailto:[email protected]> Craig L Russell [email protected]
