THALES GROUP LIMITED DISTRIBUTION to email recipients Hello Richard,
Have you updated the KEYS file ? Because now I am able to see Markus Jung. Best Regards. -----Original Message----- From: COURTAULT Francois Sent: vendredi 12 septembre 2025 10:09 To: users@tomee.apache.org Subject: RE: TomEE package verification not working THALES GROUP LIMITED DISTRIBUTION to email recipients Hello Richard, In the https://downloads.apache.org/tomee/KEYS file, I don't see any uid [ultimate] Markus Jung (CODE SIGNING KEY) <ju...@apache.org> If I search (CODE SIGNING KEY) in the KEYS file, I get: - uid Richard Kenneth McGuire (CODE SIGNING KEY) <rickmcgu...@apache.org> - uid Jarek Gawor (CODE SIGNING KEY) <ga...@apache.org> - uid Jean-Louis Monteiro (CODE SIGNING KEY) <jlmonte...@apache.org> sig 3 043F71D8 2012-09-28 Jean-Louis Monteiro (CODE SIGNING KEY) <jlmonte...@apache.org> sig 043F71D8 2012-09-28 Jean-Louis Monteiro (CODE SIGNING KEY) <jlmonte...@apache.org> - uid [ ultime ] Jean-Louis Monteiro (CODE SIGNING KEY) <jlmonte...@apache.org> - uid [uneingeschränkt] Richard Zowalla (Code Signing Key) <r...@apache.org> sig 3 DAB472F0E5B8A431 2022-04-12 Richard Zowalla (Code Signing Key) <r...@apache.org> sig DAB472F0E5B8A431 2022-04-12 Richard Zowalla (Code Signing Key) <r...@apache.org> So no Markus Jung entry here. The only "uid [ultimate]" is set for David Blevins and not for Markus Jung. Best Regards. -----Original Message----- From: Richard Zowalla <rich...@zowalla.com> Sent: jeudi 11 septembre 2025 19:15 To: users@tomee.apache.org Subject: Re: TomEE package verification not working The link is correct. The key in question is contained in the file. pub rsa4096 2024-03-22 [SC] 85FBBE98D6C37CDA8A7D8FF9F9FF83A48D339D37 uid [ultimate] Markus Jung (CODE SIGNING KEY) <ju...@apache.org> sig 3 F9FF83A48D339D37 2024-03-22 [self-signature] sub rsa4096 2024-03-22 [E] sig F9FF83A48D339D37 2024-03-22 [self-signature] The only change ist, that Markus did the Release for 10.1.1. Gruß Richard Am 11. September 2025 18:27:31 MESZ schrieb COURTAULT Francois <francois.courta...@thalesgroup.com.INVALID>: >THALES GROUP LIMITED DISTRIBUTION to email recipients > >Hello everyone, > >In our pipeline for building TomEE Docker base images, we do this: >+ gpg --batch --verify apache-tomee-10.1.1-plus.tar.gz.asc >apache-tomee-10.1.1-plus.tar.gz >gpg: Signature made Sat Aug 16 12:18:25 2025 UTC >gpg: using RSA key 85FBBE98D6C37CDA8A7D8FF9F9FF83A48D339D37 >gpg: Can't check signature: No public key > >It was working with TomEE 10.1.0 but not anymore with TomEE 10.1.1. >The keys used are located at https://downloads.apache.org/tomee/KEYS >Is this location still valid for TomEE keys ? > >What has changed between 10.1.0 and 10.1.1 ? >How to fix this issue ? any idea ? > >Best Regards. > > >
