Thanks for the quick response Bertrand! I generated the MD5 and SHA file based on: http://www.apache.org/dev/release-signing.html#md5 using the commands:
$ gpg --print-md MD5 [fileName] > [fileName].md5 and $ gpg --print-md SHA1 [fileName] > [fileName].sha As for your comment about the ASC file, I'm not sure what you mean by "your key hasn't been signed by anyone"? Can you tell me how to fix it if this is a problem? Here is what I get when I check for verification: $ gpg --verify Incubating-Apache-Lucene.Net-2.0-004-11Mar07.src.zip.asc Warning: using insecure memory! gpg: Signature made Sat Mar 17 06:41:37 2007 PDT using DSA key ID 99D93CAB gpg: Good signature from "George Aroush (Incubating Apache Lucene.Net 2.0 build 004) <[EMAIL PROTECTED]>" Regards, -- George -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bertrand Delacretaz Sent: Saturday, March 17, 2007 12:30 PM To: general@incubator.apache.org Subject: Re: Some help with Lucene.Net release On 3/17/07, George Aroush <[EMAIL PROTECTED]> wrote: > ...Can someone > please take a look at : > http://people.apache.org/~aroush/Lucene.Net-2.0-004/ > and tell me if the KEYS is right as well as if the *.asc files validate?... The KEYS file is in the correct format, I was able to import it with "gpg --import". The md5 file Incubating-Apache-Lucene.Net-2.0-004-11Mar07.src.zip.md5 is IMHO in a funny format, I was expected the standard md5sum format (A): 248dcf867ae08d76f542cbe986a91796 Incubating-Apache-Lucene.Net-2.0-004-11Mar07.src.zip but yours is (B): Incubating-Apache-Lucene.Net-2.0-004-11Mar07.src.zip: 24 8D CF 86 7A E0 8D 76 F5 42 CB E9 86 A9 17 96 So attempting to check it with md5sum -c Incubating-Apache-Lucene.Net-2.0-004-11Mar07.src.zip.md5 fails, although one can check the md5 "by hand". I *think* the (A) format is the one we want, but I'm not sure where this is specified. I'd say your md5 info is correct, but in an unexpected format (there might be various flavors around though, but I've always seen this (A) format). About the .asc files, I have tried gpg --verify Incubating-Apache-Lucene.Net-2.0-004-11Mar07.src.zip.as And the signature is ok, but AFAICS your key is hasn't been signed by anyone, it'd be good to have it signed if you're at an ApacheCon or another ASF gathering. I'm not familiar with the sha format, I'll let others comment on that. Hope this helps, -Bertrand --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
