Nope. No commits on the SVN since ages. Most likely a caching issue.
Am 15. September 2025 19:04:50 MESZ schrieb COURTAULT Francois <francois.courta...@thalesgroup.com.INVALID>: >THALES GROUP LIMITED DISTRIBUTION to email recipients > >Hello Richard, > >Have you updated the KEYS file ? >Because now I am able to see Markus Jung. > >Best Regards. > >-----Original Message----- >From: COURTAULT Francois >Sent: vendredi 12 septembre 2025 10:09 >To: users@tomee.apache.org >Subject: RE: TomEE package verification not working > >THALES GROUP LIMITED DISTRIBUTION to email recipients > >Hello Richard, > >In the https://downloads.apache.org/tomee/KEYS file, I don't see any >uid [ultimate] Markus Jung (CODE SIGNING KEY) <ju...@apache.org> > >If I search (CODE SIGNING KEY) in the KEYS file, I get: > - uid Richard Kenneth McGuire (CODE SIGNING KEY) > <rickmcgu...@apache.org> > - uid Jarek Gawor (CODE SIGNING KEY) <ga...@apache.org> > - uid Jean-Louis Monteiro (CODE SIGNING KEY) > <jlmonte...@apache.org> > sig 3 043F71D8 2012-09-28 Jean-Louis Monteiro (CODE SIGNING KEY) > <jlmonte...@apache.org> > sig 043F71D8 2012-09-28 Jean-Louis Monteiro (CODE SIGNING KEY) > <jlmonte...@apache.org> > - uid [ ultime ] Jean-Louis Monteiro (CODE SIGNING KEY) > <jlmonte...@apache.org> > - uid [uneingeschränkt] Richard Zowalla (Code Signing Key) > <r...@apache.org> > sig 3 DAB472F0E5B8A431 2022-04-12 Richard Zowalla (Code Signing > Key) <r...@apache.org> > sig DAB472F0E5B8A431 2022-04-12 Richard Zowalla (Code Signing > Key) <r...@apache.org> >So no Markus Jung entry here. > >The only "uid [ultimate]" is set for David Blevins and not for >Markus Jung. > >Best Regards. > >-----Original Message----- >From: Richard Zowalla <rich...@zowalla.com> >Sent: jeudi 11 septembre 2025 19:15 >To: users@tomee.apache.org >Subject: Re: TomEE package verification not working > >The link is correct. The key in question is contained in the file. > >pub rsa4096 2024-03-22 [SC] > 85FBBE98D6C37CDA8A7D8FF9F9FF83A48D339D37 >uid [ultimate] Markus Jung (CODE SIGNING KEY) <ju...@apache.org> >sig 3 F9FF83A48D339D37 2024-03-22 [self-signature] >sub rsa4096 2024-03-22 [E] >sig F9FF83A48D339D37 2024-03-22 [self-signature] > >The only change ist, that Markus did the Release for 10.1.1. > >Gruß >Richard > >Am 11. September 2025 18:27:31 MESZ schrieb COURTAULT Francois ><francois.courta...@thalesgroup.com.INVALID>: >>THALES GROUP LIMITED DISTRIBUTION to email recipients >> >>Hello everyone, >> >>In our pipeline for building TomEE Docker base images, we do this: >>+ gpg --batch --verify apache-tomee-10.1.1-plus.tar.gz.asc >>apache-tomee-10.1.1-plus.tar.gz >>gpg: Signature made Sat Aug 16 12:18:25 2025 UTC >>gpg: using RSA key 85FBBE98D6C37CDA8A7D8FF9F9FF83A48D339D37 >>gpg: Can't check signature: No public key >> >>It was working with TomEE 10.1.0 but not anymore with TomEE 10.1.1. >>The keys used are located at https://downloads.apache.org/tomee/KEYS >>Is this location still valid for TomEE keys ? >> >>What has changed between 10.1.0 and 10.1.1 ? >>How to fix this issue ? any idea ? >> >>Best Regards. >> >> >>
