-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 24/01/2012 20:01, Bill Rutledge wrote: > I signed and trusted Mark's certificate:
On what basis are you trusting that that public key really does belong to someone called "Mark Thomas"? Personally, I do rather more checks before I'd trust someone else's public key. > [cid:image001.png@01CCDAA8.11318280] That's a nice series of characters. The list strips images. > I tried to verify it, but it came up bad: > > [cid:image002.png@01CCDAA8.11318280] Can't see that image either. Time to switch to a command line interface that you can copy and paste stuff to/from. The chances of a signature on a Tomcat release being bad is pretty slim. The reasons for this are: - - Most of the tomcat committers have met each other, verified keys and identities and have signed each others keys - - They have also done the same for many other folks at the ASF and are reasonably well embedded in the ASF web of trust - - Every Tomcat release artefact is signed by the release manager and the signatures checked my multiple Tomcat committers - - There is an automated process that checks every binary uploaded to the ASF distribution area and it complains loudly if there is a problem with the signatures (we got a nag this afternoon because I moved some things around and missed a few files) [1] It looks very much like your OpenPGP configuration is bad or you have a corrupted download. Try obtaining the file from a different mirror or direct from the ASF master copy. I have also signed this message. If you can't verify that signature, it is more likely to be a local issue. Mark [1] http://people.apache.org/~henkp/checker/sig.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPHxPyAAoJEBDAHFovYFnn/GUQAKuSm+VCV+SworFjEHRxv1mk VyMdGEiOotxEOzdtU7iU/6yJFzgWacWRPd34kLMkzLbVjWtnllSSqZIuqSBJEEFR g0KpC+ybYL26zikxFM3KdhEfCj9iwk8T8MXPM1y7ZqZITP+TPsV/qsRylacRTolV Z5YQMUfxa+sdcWLKr/w3+eiRFvXuAEKOzmR6LrMlMN3DH2Vwv4z11QZoXHg0VhIr gPwfVawN/2bkVQL/c4rgYy3ycClDYGFhHm9ixrNfgsXESuzJnaD295jiBCg+WEL+ 9xA0cjDFmyzF1kHuHyxwaDxhL/gWBnImonkkjGXvKIuNiO/ADy4PAzhS7hDKNlV/ x6F+6v6KwV800b9nWJaHqBiyEhb4hbDAkUJZhmwWEvVfuMWPritw+B8uIXpHPefV 5XqoQzSR8otc6Z4/QIrk/1jcAu81WGPg5kGhWLc8+eB3fua+oMhBJN5fBdORyaL1 SnjWE1pOWprSE4yAxAVO1r31D9eexfMUH7ybOPJXUZLWxErQrOMucsahBKBiyc4w 4lybDhUooET5JOsx9MsHJZnQVK4GYnxHduPNA7PCw/aprIn+RnW3hwZ4w6iOp2/P cu9idUfNXT1J5zP/agRfsf4KYzQJ1bVRLrXcK7prhETea1vycNT7FWQ1T4yezYvo pBWE03DZ3S4obG4h62Ra =oRUZ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org