That's not where it's supposed to be. It _should_ be in https://dlcdn.apache.org/xalan/xalan-j/KEYS
We should not have KEYS files in github, that makes no sense to me. Gary On Sat, Oct 29, 2022 at 12:30 PM Mukul Gandhi <muk...@apache.org> wrote: > Hi Gary, > My Xalan code signing key, is available within the file > https://github.com/apache/xalan-java/blob/xalan-j_2_7_1_maint/KEYS. > > And the following command, works for me, > > gpg --verify xalan-j_2_7_3-src.zip.asc xalan-j_2_7_3-src.zip > > gpg: Signature made 16-10-2022 06:49:16 India Standard Time > gpg: using RSA key 4D8FB572FB6ADCFD69CBFE0D7B2586A6B5E25C3D > gpg: Good signature from "Mukul Gandhi (CODE SIGNING KEY) > <muk...@apache.org>" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 4D8F B572 FB6A DCFD 69CB FE0D 7B25 86A6 B5E2 5C3D > > I hope that, you could use the above steps, to verify the provided > .asc files on XalanJ 2.7.3 RC5 distribution files. Please let us know, > whether this works or not. > > If you wish, we could release, the new XalanJ 2.7.3 RC, that shall use > BCEL 6.6.1 whenever its released. > > On Sat, Oct 29, 2022 at 9:47 PM Gary Gregory <garydgreg...@gmail.com> > wrote: > > > > FYI: I'm also in the process to release BCEL 6.6.1 to fix a regression. > > > > Gary > > > > On Sat, Oct 29, 2022 at 10:40 AM Gary D. Gregory <ggreg...@apache.org> > wrote: > > > > > > I cannot validate the ASC file, this must be fixed: > > > > > > gpg --verify xalan-j_2_7_3-src.zip.asc > > > gpg: assuming signed data in 'xalan-j_2_7_3-src.zip' > > > gpg: Signature made 15-Oct-22 09:19:16 PM Eastern Daylight Time > > > gpg: using RSA key > 4D8FB572FB6ADCFD69CBFE0D7B2586A6B5E25C3D > > > gpg: Can't check signature: No public key > > > > > > When I look in the Xalan KEYS file, I do not see any entries that look > like you: > > > > > > gpg --import KEYS-xalan.txt > > > gpg: key 32EC175930A21D55: 9 signatures not checked due to missing keys > > > gpg: key 32EC175930A21D55: public key "Shane Curcuru < > curc...@apache.org>" imported > > > gpg: key 19B9C18B6442C3DC: public key "Lotusxsl Team < > lotusxsl_t...@lotus.com>" imported > > > gpg: key 4243DB39C1A25EE6: public key "Scott Boag < > scott_b...@lotus.com>" imported > > > gpg: key DECE22B6C1C57D2F: public key "Myriam Midy < > myriam_m...@lotus.com>" imported > > > gpg: key B2CDEDACBEE860DE: public key "Joseph Kesselman < > joseph_kessel...@lotus.com>" imported > > > gpg: key 4CD3752B1AFFC3FE: public key "Joseph Kesselman < > jkess...@apache.org>" imported > > > gpg: key 9586DDC11AAC221B: public key "Joseph Kesselman < > joseph_kessel...@lotus.com>" imported > > > gpg: key 0CBFC7805040E0E4: public key "Sarah McNamara < > mcnam...@ca.ibm.com>" imported > > > gpg: Note: third-party key signatures using the SHA1 algorithm are > rejected > > > gpg: (use option "--allow-weak-key-signatures" to override) > > > gpg: key 0687164E5E14E1D2: 2 bad signatures > > > gpg: key 0687164E5E14E1D2: public key "Ilene Seelemann < > il...@ca.ibm.com>" imported > > > gpg: key AB6F4EA955DEED55: public key "Henry Zongaro < > zong...@ca.ibm.com>" imported > > > gpg: key 49017F3C3B47DEFD: public key "Brian James Minchau < > minc...@ca.ibm.com>" imported > > > gpg: key B5C693D25D9C0094: public key "Brian James Minchau (IBM > Toronto Lab) <minc...@ca.ibm.com>" imported > > > gpg: key 49017F3C3B47DEFD: "Brian James Minchau <minc...@ca.ibm.com>" > not changed > > > gpg: key 86FDC7E2A11262CB: "Gary David Gregory (Code signing key) < > ggreg...@apache.org>" not changed > > > gpg: Total number processed: 14 > > > gpg: imported: 12 > > > gpg: unchanged: 2 > > > gpg: marginals needed: 3 completes needed: 1 trust model: pgp > > > gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u > > > > > > TY for your patience ;-) > > > Gary > > > -- > Regards, > Mukul Gandhi > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@xalan.apache.org > For additional commands, e-mail: dev-h...@xalan.apache.org > >
