I was able to get the signature to verity correctly. [bcall@homer tmp]$ gpg --verify trafficserver-5.1.0-rc0.tar.bz2.asc gpg: Signature made Thu 04 Sep 2014 07:07:36 PM PDT using RSA key ID 94D96DE2 gpg: Good signature from "Alan M. Carroll <[email protected]>"
[bcall@homer tmp]$ gpg --list-keys [email protected] pub 4096R/1DE00649 2014-08-27 [expires: 2019-08-26] uid Alan M. Carroll <[email protected]> sub 4096R/B32072E0 2014-08-27 [expires: 2019-08-26] sub 4096R/94D96DE2 2014-09-03 [expires: 2019-09-02] [bcall@homer tmp]$ gpg --version gpg (GnuPG) 1.4.16 [bcall@homer tmp]$ cat /etc/redhat-release Fedora release 20 (Heisenbug) -Bryan On Sep 5, 2014, at 7:01 PM, Neddy, NH. Nam <[email protected]> wrote: > Hi Alan, > > I can't verify package with your provided key: > > # gpg --verify trafficserver-5.1.0-rc0.tar.bz2.asc > gpg: Signature made Fri 05 Sep 2014 09:07:36 AM ICT using RSA key ID 94D96DE2 > gpg: Can't check signature: public key not found > > # gpg --list-keys > /root/.gnupg/pubring.gpg > ------------------------ > pub 1024D/DE885DD3 2002-04-10 > uid Sander Striker <[email protected]> > uid Sander Striker <[email protected]> > sub 2048g/532D14CA 2002-04-10 > > pub 4096R/B84508EC 2010-01-26 > uid Bryan W. Call <[email protected]> > sub 4096R/DDB11340 2010-01-26 > > pub 4096R/ABAA2C9F 2012-06-26 [expires: 2016-08-26] > uid Alan M. Carroll <[email protected]> > > pub 4096R/1DE00649 2014-08-27 [expires: 2019-08-26] > uid Alan M. Carroll <[email protected]> > sub 4096R/B32072E0 2014-08-27 [expires: 2019-08-26] > > Am I missing something? > > Thanks > ~Neddy > > > On Sat, Sep 6, 2014 at 12:07 AM, Alan M. Carroll > <[email protected]> wrote: > Hello All, > > Sorry for the delays but we have a release candidate for 5.1.0 ready now. > > Changes since 5.0.0: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310963&version=12324894 > > A summary of the new features are here: > > https://cwiki.apache.org/confluence/display/TS/What%27s+new+in+v5.1.x > > Information about upgrading to this release from v4.0 is available at: > > https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0 > > The cache in this release is compatible with releases 3.2.0 and later. > > The artifacts are available for download at: > > http://people.apache.org/~amc/ats/rc > > -rw-rw-r--. 1 amc amc 7674482 Sep 4 21:07 trafficserver-5.1.0-rc0.tar.bz2 > -rw-rw-r--. 1 amc amc 819 Sep 4 21:07 trafficserver-5.1.0-rc0.tar.bz2.asc > -rw-rw-r--. 1 amc amc 66 Sep 4 21:07 trafficserver-5.1.0-rc0.tar.bz2.md5 > -rw-rw-r--. 1 amc amc 74 Sep 4 21:07 > trafficserver-5.1.0-rc0.tar.bz2.sha1 > > MD5: 9b4570386bdae0a0acecdba001beccae *trafficserver-5.1.0-rc0.tar.bz2 > SHA1: 740b0b55dbdac3fb364b1c9b6d5787653039e241 > *trafficserver-5.1.0-rc0.tar.bz2 > > This corresponds to git: > > Hash: 69a6bd4c3001b5694accf21f9d929860df3c7525 > Tag: 5.1.0-rc0 > > Which can be verified with the following: > > git tag -v 5.1.0-rc0 > > My code signing key is available here: > > http://people.apache.org/keys/committer/amc.asc > > Make sure you refresh from a key server to get all relevant signatures. > > The vote is open until 12 Sep 2014 which is one week from today. Please test > as much as you can. > > Thanks All! > >
