curl -sS https://downloads.apache.org/tomee/KEYS | grep 85FBBE98D6C37CDA8A7D8FF9F9FF83A48D339D37 85FBBE98D6C37CDA8A7D8FF9F9FF83A48D339D37
> Am 12.09.2025 um 10:43 schrieb Richard Zowalla <rich...@zowalla.com>: > > Maybe force refresh your cache. It's definitely in that file. > > > Am 12. September 2025 10:08:59 MESZ schrieb COURTAULT Francois > <francois.courta...@thalesgroup.com.INVALID>: >> THALES GROUP LIMITED DISTRIBUTION to email recipients >> >> Hello Richard, >> >> In the https://downloads.apache.org/tomee/KEYS file, I don't see any >> uid [ultimate] Markus Jung (CODE SIGNING KEY) <ju...@apache.org> >> >> If I search (CODE SIGNING KEY) in the KEYS file, I get: >> - uid Richard Kenneth McGuire (CODE SIGNING KEY) >> <rickmcgu...@apache.org> >> - uid Jarek Gawor (CODE SIGNING KEY) <ga...@apache.org> >> - uid Jean-Louis Monteiro (CODE SIGNING KEY) >> <jlmonte...@apache.org> >> sig 3 043F71D8 2012-09-28 Jean-Louis Monteiro (CODE SIGNING >> KEY) <jlmonte...@apache.org> >> sig 043F71D8 2012-09-28 Jean-Louis Monteiro (CODE SIGNING >> KEY) <jlmonte...@apache.org> >> - uid [ ultime ] Jean-Louis Monteiro (CODE SIGNING KEY) >> <jlmonte...@apache.org> >> - uid [uneingeschränkt] Richard Zowalla (Code Signing Key) >> <r...@apache.org> >> sig 3 DAB472F0E5B8A431 2022-04-12 Richard Zowalla (Code >> Signing Key) <r...@apache.org> >> sig DAB472F0E5B8A431 2022-04-12 Richard Zowalla (Code >> Signing Key) <r...@apache.org> >> So no Markus Jung entry here. >> >> The only "uid [ultimate]" is set for David Blevins and not for >> Markus Jung. >> >> Best Regards. >> >> -----Original Message----- >> From: Richard Zowalla <rich...@zowalla.com> >> Sent: jeudi 11 septembre 2025 19:15 >> To: users@tomee.apache.org >> Subject: Re: TomEE package verification not working >> >> The link is correct. The key in question is contained in the file. >> >> pub rsa4096 2024-03-22 [SC] >> 85FBBE98D6C37CDA8A7D8FF9F9FF83A48D339D37 >> uid [ultimate] Markus Jung (CODE SIGNING KEY) <ju...@apache.org> >> sig 3 F9FF83A48D339D37 2024-03-22 [self-signature] >> sub rsa4096 2024-03-22 [E] >> sig F9FF83A48D339D37 2024-03-22 [self-signature] >> >> The only change ist, that Markus did the Release for 10.1.1. >> >> Gruß >> Richard >> >> Am 11. September 2025 18:27:31 MESZ schrieb COURTAULT Francois >> <francois.courta...@thalesgroup.com.INVALID>: >>> THALES GROUP LIMITED DISTRIBUTION to email recipients >>> >>> Hello everyone, >>> >>> In our pipeline for building TomEE Docker base images, we do this: >>> + gpg --batch --verify apache-tomee-10.1.1-plus.tar.gz.asc >>> apache-tomee-10.1.1-plus.tar.gz >>> gpg: Signature made Sat Aug 16 12:18:25 2025 UTC >>> gpg: using RSA key 85FBBE98D6C37CDA8A7D8FF9F9FF83A48D339D37 >>> gpg: Can't check signature: No public key >>> >>> It was working with TomEE 10.1.0 but not anymore with TomEE 10.1.1. >>> The keys used are located at https://downloads.apache.org/tomee/KEYS >>> Is this location still valid for TomEE keys ? >>> >>> What has changed between 10.1.0 and 10.1.1 ? >>> How to fix this issue ? any idea ? >>> >>> Best Regards. >>> >>> >>>
