Hi Peter,
From my perspective, you're good to go. The signature you made checks
out.
You'll need to put your public key into the svn repository associated
with the river project (if you need details after looking around, let
me know -- I'm a little hazy on the details).
And I guess you're still awaiting a response whether your key is good
enough. Robert, any feedback?
clr% gpg --fingerprint 1CC8406F
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 69 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1 valid: 69 signed: 39 trust: 17-, 24q, 0n, 0m, 28f, 0u
gpg: depth: 2 valid: 20 signed: 20 trust: 7-, 11q, 0n, 0m, 2f, 0u
gpg: depth: 3 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2011-06-22
pub 4096R/1CC8406F 2010-01-01 [expires: 2012-01-01]
Key fingerprint = 316D 7FF5 D89E 3090 64E2 7BAA AE46 E725 1CC8
406F
uid Peter Firmstone (Engineer) <[email protected]
>
sub 4096R/DBF67B3D 2010-01-01 [expires: 2012-01-01]
[CraigRussell:~] clr% gpg --verify LICENSE.asc
gpg: Signature made Sun Jan 3 17:57:16 2010 PST using RSA key ID
1CC8406F
gpg: Good signature from "Peter Firmstone (Engineer) <[email protected]
>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 316D 7FF5 D89E 3090 64E2 7BAA AE46 E725 1CC8
406F
Craig
On Jan 3, 2010, at 11:11 PM, Peter Firmstone wrote:
Oh yes of course, my apologies.
It should be available now on subkeys.pgp.net and keys.gnupg.net
I'll upload it to my home directory on people.apache.org later too.
Cool receiving assistance from someone who has contributed much.
Thanks again,
Peter.
Craig L Russell wrote:
Hi Peter,
Have you uploaded your public key?
gpg --verify LICENSE.asc
gpg: Signature made Sun Jan 3 17:57:16 2010 PST using RSA key ID
1CC8406F
gpg: Can't check signature: public key not found
[CraigRussell:~] clr% gpg --recv-keys 1CC8406F
gpg: requesting key 1CC8406F from hkp server subkeys.pgp.net
gpgkeys: key 1CC8406F not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
What we know is that you have a key and it made a signature file.
What we don't know is if the signature matches your key.
Craig
On Jan 3, 2010, at 6:04 PM, Peter Firmstone wrote:
Thanks Craig,
LICENSE.asc of LICENSE in trunk of Apache River attached.
Cheers,
Peter.
Craig L Russell wrote:
Hi Peter,
The only reason *not* to use 1.4.10 IMHO is if the generated
artifacts somehow are incompatible with other GPG programs out
there.
If you want to create an example .asc from some file that you
have in your public directory, I'd be happy to verify that it
works.
Craig
Craig L Russell
Architect, Sun Java Enterprise System http://db.apache.org/jdo
408 276-5638 mailto:[email protected]
P.S. A good JDO? O, Gasp!
Craig L Russell
Architect, Sun Java Enterprise System http://db.apache.org/jdo
408 276-5638 mailto:[email protected]
P.S. A good JDO? O, Gasp!
