The keys in use should be in https://svn.apache.org/repos/asf/zookeeper/dist/KEYS
-Ivan Warren Turkal writes: > Hey everyone, > > I have a couple questions about verifying the tarballs I download for > Zookeeper. > > I don't see any listing of an official release manager identity and their > pub key. Therefore, I don't know which key I should be getting to verify a > signature against. Is there a list somewhere of the release manager > identity. Ideally, I'd also be able to get the key from an Apache site > protected by TLS (maybe even HTTPS). Am I just missing this info? If so, > where is the info? > > Also, I don't see corresponding .asc signature files that can be used to > verify the authenticity of the archives even if I did have a pub key. Are > these located in some special location other than in the directories along > side the released tarballs? > > Alternatively, is there a better way to retrieve crypto-secured releases > than just downloading the release tarballs? > > Thanks, > wt
