[jira] [Resolved] (FILEUPLOAD-364) GPG artifact signing keys changed?

Mark Thomas (Jira) Thu, 28 Aug 2025 03:17:08 -0700


     [ 
https://issues.apache.org/jira/browse/FILEUPLOAD-364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Mark Thomas resolved FILEUPLOAD-364.
------------------------------------
    Resolution: Not A Problem

[https://www.apache.org/info/verification.html]

https://dlcdn.apache.org/commons/KEYS

> GPG artifact signing keys changed?
> ----------------------------------
>
>                 Key: FILEUPLOAD-364
>                 URL: https://issues.apache.org/jira/browse/FILEUPLOAD-364
>             Project: Commons FileUpload
>          Issue Type: Bug
>    Affects Versions: 1.6.0
>            Reporter: Tobias Gierke
>            Priority: Major
>
> Hi,
> We're using the pgpverify-maven-plugin to verify artifact signatures and our 
> builds started failing after upgrading to commons-fileupload 1.6.0 since the 
> GPG signing key used is now different.
> 1.5.0 used 0xA9C5DF4D22E99998D9875A5110C01C5A2F6059E7
> 1.6.0 uses 0x2DB4F1EF0FA761ECC4EA935C86FDC7E2A11262CB
> Is this intentional ?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (FILEUPLOAD-364) GPG artifact signing keys changed?

Reply via email to