> -----Original Message----- > From: Karl Heinz Marbaise > Sent: Wednesday, February 19, 2020 1:07 PM > > Hi, > > On 19.02.20 17:04, Ward, Evan wrote: > > Hi, > > > > I have been attempting to verify the signatures on maven plugins using > > the instructions on the downloads page, e.g. [1]. Several plugins have > > been signed by the key 0x0CDE80149711EB46DFF17AE421A24B3F8B0F594A which <snip/> > > If so please add it to the keys file. Karl has other keys in the KEYS file > > - is there a reason this > specific key is not trusted? > > What do you mean exactly by "not trusted" ? ...You are checking via gpg > --verify ?
I think he meant that it is not included in the Apache Maven "Authorized" signing keys list found at: <snip/> > > [2] https://www.apache.org/dist/maven/KEYS -- Jason Pyeron | Architect PD Inc | 10 w 24th St | Baltimore, MD | .mil: jason.j.pyeron....@mail.mil .com: jpye...@pdinc.us tel : 202-741-9397 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org