The binary and src distribution signatures look ok to me but I'm getting some failures on the maven artifacts, eg these two:
C:\Tuscany\Distros\1.4-RC4>gpg --verify tuscany-binding-ejb-runtime-1.4.jar.asc gpg: Signature made 12/31/08 17:11:13 using DSA key ID A124B386 gpg: requesting key A124B386 from hkp server pgp.surfnet.nl gpgkeys: key 341AA705A124B386 not found on keyserver gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: Can't check signature: public key not found C:\Tuscany\Distros\1.4-RC4>gpg --verify site.xml.asc gpg: Signature made 01/06/09 14:42:21 using DSA key ID 508BD6BB gpg: BAD signature from "Ramkumar Ramalingam (Code Signing Key) < [email protected]>" ...ant On Tue, Jan 6, 2009 at 3:27 PM, Ramkumar R <[email protected]> wrote: > Thanks Simon, > > The KEYS files have been recreated and the artifacts have been resigned > with the new keys. And the keyserver > is been updated accordingly. > > > On Tue, Jan 6, 2009 at 5:26 PM, Simon Laws <[email protected]>wrote: > >> >> >> On Tue, Jan 6, 2009 at 11:31 AM, Ramkumar R <[email protected]>wrote: >> >>> Hi All, >>> >>> While including my public keys in the KEYS file[1], noticed that my keys >>> have got an expiry date with it which is one month from the date of >>> creation. >>> So I think I might have to recreate the public keys without any expiry >>> date and resign the artifacts in RC4, the actual artifacts (*.jar and *.zip) >>> will not >>> change but only the signature files. >>> >>> I might need your help in verifying the signature once I am done with the >>> same. >>> >>> [1] http://svn.apache.org/repos/asf/tuscany/KEYS >>> >>> On Mon, Jan 5, 2009 at 3:23 PM, Simon Laws <[email protected]>wrote: >>> >>>> >>>> Hi Ram. Happy new year to you also. Thanks for all your hard work in >>>> getting the release together. I've just taken a look through it. >>>> >>>> - The samples/demos I tried worked OK >>>> - The LICENSE file looks OK >>>> - The RAT files look OK. >>>> - The src distro built for me on windows >>>> - I checked the signature on the binary zip file and it looks good. >>>> However you need to include your public key in the KEYS file [1]. The KEYS >>>> file should then be copied to the distro dir when [2] when you actually >>>> copy >>>> up the rest of the files. >>>> >>>> So +1 from me for the release. >>>> >>>> Regards >>>> >>>> Simon >>>> >>>> [1] http://svn.apache.org/repos/asf/tuscany/KEYS >>>> [2] http://www.apache.org/dist/tuscany/KEYS >>>> >>> >>> >>> >>> -- >>> Thanks & Regards, >>> Ramkumar Ramalingam >>> >> >> Ok, Ram. I can give it a spin when you are done. >> >> Simon >> > > > > -- > Thanks & Regards, > Ramkumar Ramalingam >
