I'm seeing the same thing as Ant, it looks like the distribution signatures were updated, but not the maven signatures as you can see below by the key ID.
Distribution: gpg: Signature made Tue 06 Jan 2009 06:35:56 AM PST using DSA key ID 508BD6BB Maven artifacts: gpg: Signature made Wed 31 Dec 2008 08:42:14 AM PST using DSA key ID A124B386 gpg: Can't check signature: public key not found On Tue, Jan 6, 2009 at 8:58 AM, ant elder <[email protected]> wrote: > The binary and src distribution signatures look ok to me but I'm getting > some failures on the maven artifacts, eg these two: > > C:\Tuscany\Distros\1.4-RC4>gpg --verify > tuscany-binding-ejb-runtime-1.4.jar.asc > gpg: Signature made 12/31/08 17:11:13 using DSA key ID A124B386 > gpg: requesting key A124B386 from hkp server pgp.surfnet.nl > gpgkeys: key 341AA705A124B386 not found on keyserver > gpg: no valid OpenPGP data found. > gpg: Total number processed: 0 > gpg: Can't check signature: public key not found > > C:\Tuscany\Distros\1.4-RC4>gpg --verify site.xml.asc > gpg: Signature made 01/06/09 14:42:21 using DSA key ID 508BD6BB > gpg: BAD signature from "Ramkumar Ramalingam (Code Signing Key) > <[email protected]>" > > ...ant > > On Tue, Jan 6, 2009 at 3:27 PM, Ramkumar R <[email protected]> wrote: >> >> Thanks Simon, >> >> The KEYS files have been recreated and the artifacts have been resigned >> with the new keys. And the keyserver >> is been updated accordingly. >> >> On Tue, Jan 6, 2009 at 5:26 PM, Simon Laws <[email protected]> >> wrote: >>> >>> >>> On Tue, Jan 6, 2009 at 11:31 AM, Ramkumar R <[email protected]> >>> wrote: >>>> >>>> Hi All, >>>> >>>> While including my public keys in the KEYS file[1], noticed that my keys >>>> have got an expiry date with it which is one month from the date of >>>> creation. >>>> So I think I might have to recreate the public keys without any expiry >>>> date and resign the artifacts in RC4, the actual artifacts (*.jar and >>>> *.zip) >>>> will not >>>> change but only the signature files. >>>> >>>> I might need your help in verifying the signature once I am done with >>>> the same. >>>> >>>> [1] http://svn.apache.org/repos/asf/tuscany/KEYS >>>> >>>> On Mon, Jan 5, 2009 at 3:23 PM, Simon Laws <[email protected]> >>>> wrote: >>>>> >>>>> Hi Ram. Happy new year to you also. Thanks for all your hard work in >>>>> getting the release together. I've just taken a look through it. >>>>> >>>>> - The samples/demos I tried worked OK >>>>> - The LICENSE file looks OK >>>>> - The RAT files look OK. >>>>> - The src distro built for me on windows >>>>> - I checked the signature on the binary zip file and it looks good. >>>>> However you need to include your public key in the KEYS file [1]. The KEYS >>>>> file should then be copied to the distro dir when [2] when you actually >>>>> copy >>>>> up the rest of the files. >>>>> >>>>> So +1 from me for the release. >>>>> >>>>> Regards >>>>> >>>>> Simon >>>>> >>>>> [1] http://svn.apache.org/repos/asf/tuscany/KEYS >>>>> [2] http://www.apache.org/dist/tuscany/KEYS >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Ramkumar Ramalingam >>> >>> Ok, Ram. I can give it a spin when you are done. >>> >>> Simon >> >> >> >> -- >> Thanks & Regards, >> Ramkumar Ramalingam > > -- Luciano Resende Apache Tuscany, Apache PhotArk http://people.apache.org/~lresende http://lresende.blogspot.com/
