I created a request for you : https://github.com/apache/tooling-trusted-releases/issues/1255
Best, Dave > On May 20, 2026, at 6:47 AM, Craig Russell <[email protected]> wrote: > > Hi Dave, > > Thanks for the quick reply. > > Should I raise a bug to have the error message clarified from "no valid > signature" to "public key for xxxxxxxxxx not found in DB project repository". > > Warm regards, > Craig > > >> On May 19, 2026, at 15:16, Dave Fisher <[email protected]> wrote: >> >>> >>> On May 19, 2026, at 1:40 PM, Craig Russell <[email protected]> wrote: >>> >>> Hi, >>> >>> I'm getting an error with >>> https://release-test.apache.org/report/db-jdo/jdo-3.3-SNAPSHOT-source-release/jdo-3.3-SNAPSHOT-source-release.tar.gz.asc >>> >>> The message is not completely understandable. [1] What does "no valid >>> signature found" mean? >> >> Your GPG public key is not found in ATR. You need to upload your GPG public >> key into ATR at https://release-test.apache.org/keys >> <https://release-test.apache.org/keys> and then associate that key with the >> DB committee. >> >> IIRC - Due to the unusual way that DB has multiple KEYS files we are going >> to recommend that you start behaving like every other PMC and have a single >> KEYS file. >> >>> >>> I have verified the validity of the files: >>> >>> clr% gpg --verify jdo-3.3-SNAPSHOT-source-release.tar.gz.asc >>> jdo-3.3-SNAPSHOT-source-release.tar.gz >>> gpg: Signature made Mon May 18 18:52:55 2026 PDT >>> gpg: using RSA key 4F66E2ED08DE0A8DDC4704C381ABAEA820DE9E54 >>> gpg: Good signature from "Craig Laird Russell (CODE SIGNING KEY) >>> <[email protected]>" [ultimate] >>> >>> [1] >>> No valid signature found >>> Verified No >>> Error No valid signature found >>> Error Kind missing_signature >>> (Debug) Key Id 81abaea820de9e54 >>> (Debug) Fingerprint Not available >>> (Debug) Pubkey Fingerprint Not available >>> (Debug) Creation Date 1779155575 >>> (Debug) Timestamp 1779155575 >>> (Debug) Username Not available >>> (Debug) Status No valid signature found >>> (Debug) Valid No >>> (Debug) Trust Level Not available >>> (Debug) Trust Text Not available >>> (Debug) Stderr Not available >>> (Debug) Num Committee Keys 0 >>> (Debug) Key Has Apache Uid No >>> (Debug) Hash Algorithm SHA512 >>> (Debug) Signature Type binary >>> (Debug) Public Key Algorithm rsa >>> >>> >>> Craig L Russell >>> [email protected] >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> <mailto:[email protected]> >>> For additional commands, e-mail: [email protected] >>> <mailto:[email protected]> > Craig L Russell > [email protected] >
