I signed it for the first time with my key but I thought I had updated
the KEYS file. I'll look into this and get back to you.
--Sean
jason marshall wrote:
As a datapoint, using the same process I am able to verify the 1.4.1
signature. Did the signing key get swapped out at some point without
updating the KEYS file?
Thanks,
Jason
On Mon, Jun 1, 2009 at 2:16 PM, jason marshall <jdmarsh...@gmail.com
<mailto:jdmarsh...@gmail.com>> wrote:
My coworker tried to upgrade to XML Sec 1.4.2 and discovered that
she couldn't verify the ASC signature against the binaries. It
appears that a new key is being used for signing, but didn't get
added to the keyring?
I was able to repro the same failure. Anybody else?
~> gpg --verbose --verify xml-security-bin-1_4_2.zip.asc
gpg: armor header: Version: GnuPG v2.0.9 (SunOS)
gpg: assuming signed data in `xml-security-bin-1_4_2.zip'
gpg: Signature made Mon 23 Jun 2008 01:09:20 PM PDT using DSA key
ID A74A32FC
gpg: Can't check signature: public key not found
Thanks,
Jason
--
- Jason
