hmm. that's odd. i know i changed keys a while ago, but i updated all the signatures of the releases when i did that. and Henk Penning keeps a pretty tight watch on these with some script he runs. you can see the latest signature problems of all apache releases on his user page:

http://people.apache.org/~henkp/checker/sig.html

it was via that that he noticed my key change and asked me to update my signatures. i did and he hasn't complained since.

anyway, i only bother with all this stuff every few years when i roll a release. i don't remember very well how it all works, but couldn't you try another keyserver or something?

On 8/8/06, Paul Lynch <[EMAIL PROTECTED]> wrote:
I tried to verify the signature on the current velocity-tool binary download, and got the following message:

> gpg --verify velocity-tools-1.2.tar.gz.asc
gpg: Signature made Mon 14 Nov 2005 01:18:33 PM EST using DSA key ID 4885CED1
gpg: Can't check signature: public key not found

This occurred *after* I had run gpg --import on the KEYS file from the download page. (There are two KEYS files there, one for velocity and one for velocity-tools; I imported both, and still got the error.)

Is it possible that the key used to sign the download file is not in the KEYS file?

Thanks,
--Paul Lynch
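The question raised in the thread, whether the signing key is actually in the KEYS file, can be checked mechanically. The following is an added example, not part of the original messages or of any Apache tooling: it compares the key ID from gpg's `NO_PUBKEY` status line with the key IDs listed for the KEYS file. It assumes GnuPG 2.x (`--status-fd`, `--with-colons --show-keys`); the function names are hypothetical and the sample records are constructed, with placeholder upper halves on the long key IDs.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Live use (assumes GnuPG 2.x):
#   gpg --status-fd 1 --verify velocity-tools-1.2.tar.gz.asc >status.txt 2>/dev/null
#   gpg --with-colons --show-keys KEYS >listing.txt
#   signer_in_keys status.txt listing.txt

# Print the key ID from gpg's NO_PUBKEY status line in file $1, if present.
missing_key_id() {
    awk '$1 == "[GNUPG:]" && $2 == "NO_PUBKEY" { print $3; exit }' "$1"
}

# Succeed if a pub or sub record in colon listing $2 carries key ID $1.
# Field 5 is the 64-bit key ID. A short 32-bit ID is matched against its
# tail only, and short IDs can collide, so pass the long form when you can.
listing_has_key() {
    awk -F: -v want="$1" '
        BEGIN { want = toupper(want) }
        $1 == "pub" || $1 == "sub" {
            id = toupper($5)
            if (length(id) >= length(want) &&
                substr(id, length(id) - length(want) + 1) == want) found = 1
        }
        END { exit (found ? 0 : 1) }' "$2"
}

# Prints no-missing-key, in-keys:<id> (KEYS has it, so the import or the
# keyring in use is the problem) or not-in-keys:<id> (KEYS lacks the signer).
signer_in_keys() {
    id=$(missing_key_id "$1")
    [ -n "$id" ] || { echo "no-missing-key"; return 0; }
    if listing_has_key "$id" "$2"; then echo "in-keys:$id"
    else echo "not-in-keys:$id"; fi
}

# Constructed sample data: simplified records, placeholder long key IDs.
write_samples() {
    printf '[GNUPG:] NO_PUBKEY 000000004885CED1\n' >"$1/status.txt"
    cat >"$1/listing.txt" <<'EOF'
pub:-:1024:17:1111111122222222:1100000000:::-:::scESC:
uid:-::::1100000000::::Constructed Example <dev@example.invalid>:
sub:-:2048:16:3333333344444444:1100000000::::::e:
EOF
}

# Demo on the constructed data; reports the signer as absent from the listing.
d=$(mktemp -d) && write_samples "$d" && signer_in_keys "$d/status.txt" "$d/listing.txt"
```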