Would be good if someone would verify this -- when I look at the VOTE
thread, the source signatures have been verified:

https://lists.apache.org/thread.html/859cbc7d2f4631983e48e24e7c1053439cbebfee133cc9b3745046b4@%3Cdev.netbeans.apache.org%3E

However, quite possibly the convenience binary signature has been checked
-- since Apache releases source code and not binaries, which are optionally
included for convenience only.

Gj

On Wed, Mar 7, 2018 at 11:48 PM, Leo Donahue <donahu...@gmail.com> wrote:

> Hi,
>
> Is this the right list for this question?
>
> I'm trying to verify the PGP ASC and KEY file but I get a bad signature
> message.
>
> I'm here: https://netbeans.apache.org/download/nb90/nb90-beta.html
>
> In Terminal:
> wget https://dist.apache.org/repos/dist/dev/incubator/netbeans/
> incubating-netbeans-java/incubating-9.0-beta/incubating-netbeans-java-9.0-
> beta-bin.zip.asc
>
> wget https://dist.apache.org/repos/dist/release/incubator/netbeans/KEYS
>
> pgp --import KEYS
>
> gpg --verify incubating-netbeans-java-9.0-beta-bin.zip.asc
> Downloads/incubating-netbeans-java-9.0-beta-bin.zip
>
>
> output:
>
> gpg: Signature made Wed 10 Jan 2018 03:41:31 PM MST
> gpg:                using RSA key B4C1940FEA9364F1
> gpg: BAD signature from "Jan Lahoda (Key for signing Apache NetBeans & co.
> releases.) <jlah...@apache.org>" [unknown]
>
> What did I forget to do?
>

Reply via email to