Sean Mullan wrote:
Which KEYS file are you using? Try: http://santuario.apache.org/dist/
I meant -
http://santuario.apache.org/dist/KEYS
I still need to update http://www.apache.org/dist/xml/security/KEYS
--Sean
jason marshall wrote:
Did the KEYS file get updated?
Thanks,
Jason
On Tue, Jun 2, 2009 at 10:59 AM, Sean Mullan <sean.mul...@sun.com
<mailto:sean.mul...@sun.com>> wrote:
I signed it for the first time with my key but I thought I had
updated the KEYS file. I'll look into this and get back to you.
--Sean
jason marshall wrote:
As a datapoint, using the same process I am able to verify the
1.4.1 signature. Did the signing key get swapped out at some
point without updating the KEYS file?
Thanks,
Jason
On Mon, Jun 1, 2009 at 2:16 PM, jason marshall
<jdmarsh...@gmail.com <mailto:jdmarsh...@gmail.com>> wrote:
My coworker tried to upgrade to XML Sec 1.4.2 and discovered
that she couldn't verify the ASC signature against the
binaries. It appears that a new key is being used for
signing, but didn't get added to the keyring?
I was able to repro the same failure. Anybody else?
~> gpg --verbose --verify xml-security-bin-1_4_2.zip.asc
gpg: armor header: Version: GnuPG v2.0.9 (SunOS)
gpg: assuming signed data in `xml-security-bin-1_4_2.zip'
gpg: Signature made Mon 23 Jun 2008 01:09:20 PM PDT using DSA
key ID A74A32FC
gpg: Can't check signature: public key not found
Thanks,
Jason
-- - Jason
--
- Jason
