As a datapoint, using the same process I am able to verify the 1.4.1 signature. Did the signing key get swapped out at some point without updating the KEYS file?
Thanks, Jason On Mon, Jun 1, 2009 at 2:16 PM, jason marshall <jdmarsh...@gmail.com> wrote: > My coworker tried to upgrade to XML Sec 1.4.2 and discovered that she > couldn't verify the ASC signature against the binaries. It appears that a > new key is being used for signing, but didn't get added to the keyring? > > I was able to repro the same failure. Anybody else? > > ~> gpg --verbose --verify xml-security-bin-1_4_2.zip.asc > gpg: armor header: Version: GnuPG v2.0.9 (SunOS) > gpg: assuming signed data in `xml-security-bin-1_4_2.zip' > gpg: Signature made Mon 23 Jun 2008 01:09:20 PM PDT using DSA key ID > A74A32FC > gpg: Can't check signature: public key not found > > > Thanks, > Jason > > -- - Jason
