I think that's the legacy file - there is also this file, which seems more up to date:
http://www.apache.org/dist/zookeeper/KEYS Patrick On Tue, Oct 7, 2014 at 1:35 AM, Ivan Kelly <[email protected]> wrote: > The keys in use should be in > https://svn.apache.org/repos/asf/zookeeper/dist/KEYS > > -Ivan > > Warren Turkal writes: > >> Hey everyone, >> >> I have a couple questions about verifying the tarballs I download for >> Zookeeper. >> >> I don't see any listing of an official release manager identity and their >> pub key. Therefore, I don't know which key I should be getting to verify a >> signature against. Is there a list somewhere of the release manager >> identity. Ideally, I'd also be able to get the key from an Apache site >> protected by TLS (maybe even HTTPS). Am I just missing this info? If so, >> where is the info? >> >> Also, I don't see corresponding .asc signature files that can be used to >> verify the authenticity of the archives even if I did have a pub key. Are >> these located in some special location other than in the directories along >> side the released tarballs? >> >> Alternatively, is there a better way to retrieve crypto-secured releases >> than just downloading the release tarballs? >> >> Thanks, >> wt >
