Colin did add his key to https://github.com/apache/kafka-site/blob/asf-site/KEYS
I would also assume, he pushed it to public key servers. Not sure atm, why https://dist.apache.org/repos/dist/release/kafka/KEYS is not up-to-date. Also https://www.apache.org/dist/kafka/KEYS (as linked from the download page: https://kafka.apache.org/downloads) is not up-to-date. \cc Ismael and Gwen from the PMC. -Matthias On 2/26/19 1:55 PM, Randall Svancara wrote: > I am unable to verify the downloads of Kafka. Is this the correct location > for the public keys I need to verify against? > > See my output below for more details: > > wget https://dist.apache.org/repos/dist/release/kafka/KEYS > --2019-02-26 13:53:14-- https://dist.apache.org/repos/dist/release/kafka/KEYS > Resolving dist.apache.org... 209.188.14.144 > Connecting to dist.apache.org|209.188.14.144|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 71642 (70K) [text/plain] > Saving to: 'KEYS.3' > > KEYS.3 > 100%[=================================================================================================================>] > 69.96K --.-KB/s in 0.08s > > 2019-02-26 13:53:14 (892 KB/s) - 'KEYS.3' saved [71642/71642] > > 201174m0:~ username$ gpg --import KEYS.3 > gpg: key 68255A3053038328: "Chris Douglas <[email protected]>" not changed > gpg: key 6C74016C99369B56: "Neha Narkhede (Key for signing code and releases) > <[email protected]>" not changed > gpg: key 6C74016C99369B56: "Neha Narkhede (Key for signing code and releases) > <[email protected]>" not changed > gpg: key 8418DC25575A2645: "Neha Narkhede (Key used for signing releases) > <[email protected]>" not changed > gpg: key 865187967F1183BD: "Joe Stein (CODE SIGNING KEY) > <[email protected]>" not changed > gpg: key AB61F70FE0A61EEA: "Jun Rao <[email protected]>" not changed > gpg: key 73855CE2D0A67B5A: "Chen (Gwen) Shapira <[email protected]>" not > changed > gpg: key 82E634EDAB55EF5C: "Ismael Juma <[email protected]>" not changed > gpg: key 115B0CA827A7289E: "Jason Gustafson <[email protected]>" not > changed > gpg: key AC3CF9DC9054F6FA: "Jason Gustafson <[email protected]>" not > changed > gpg: key A6ECA8953B417B9B: "Guozhang Wang (Key for signing code and releases) > <[email protected]>" not changed > gpg: key 934EEC7DBE7EFC73: "Ewen Cheslack-Postava <[email protected]>" not > changed > gpg: key DDAA34525234D94F: "Ewen Cheslack-Postava <[email protected]>" not > changed > gpg: key 4B606607518830CF: "Damian Guy (CODE SIGNING KEY) > <[email protected]>" not changed > gpg: key 0CF65F72E4609424: "Rajini Sivaram (CODE SIGNING KEY) > <[email protected]>" not changed > key 48307CB31DCC852D: > 3 signatures not checked due to missing keys > gpg: key 48307CB31DCC852D: "Matthias J. Sax <[email protected]>" not changed > gpg: key BEED4F6CB9F77D0E: "Dong Lin (CODE SIGNING KEY) > <[email protected]>" not changed > gpg: key 0DC9AB9E5B3A4458: "Manikumar Reddy Obili (SIGNING KEY) > <[email protected]>" not changed > gpg: Total number processed: 18 > gpg: unchanged: 18 > 201174m0:~ user$ gpg --verify kafka_2.11-2.1.1.tgz.asc kafka_2.11-2.1.1.tgz > gpg: Signature made Fri Feb 8 10:33:36 2019 PST > gpg: using RSA key 6B259C61F399AD22D4A4EBC0DE78987A9CD4D9D3 > gpg: issuer "[email protected]" > gpg: Can't check signature: No public key >
signature.asc
Description: OpenPGP digital signature
