PGP Signature does not validate. The signing key is not located in the KEYS.txt
-------------------------------------------------------------------------------
Key: AMQ-2731
URL: https://issues.apache.org/activemq/browse/AMQ-2731
Project: ActiveMQ
Issue Type: Bug
Affects Versions: 5.3.2
Environment: Ubuntu Linux
Reporter: Erik
Priority: Minor
The signing key for apache-activemq-5.3.2-bin.tar.gz is not located in the
KEYS.txt. The SHA1 hash does verify!
According to the website: http://activemq.apache.org/activemq-532-release.html,
the following commands should verify the signature of
apache-activemq-5.3.2-bin.tar.gz.
$ gpg --import KEYS.txt
$ gpg --verify apache-activemq-5.3.2-bin.tar.gz.asc
Here is the output:
$ gpg --import KEYS.txt
gpg: key F5BA7E4F: "Hiram Chirino <[email protected]>" not changed
gpg: key 56F3E01B: "David Jencks (geronimo) <[email protected]>" not
changed
gpg: key 456DFEA9: "David M. Johnson (Dave Johnson) <[email protected]>" not
changed
gpg: key 17AA5B25: "David Johnson <[email protected]>" not changed
gpg: key 69CC103E: "Gary Tully (key for apache releases)
<[email protected]>" not changed
gpg: key 2C983957: "Bruce Snyder <[email protected]>" not changed
gpg: key 6852C7DA: "Dejan Bosanac <[email protected]>" not changed
gpg: Total number processed: 7
gpg: unchanged: 7
r...@s:/var/www# gpg --verify apache-activemq-5.3.2-bin.tar.gz.asc
gpg: Signature made Mon 26 Apr 2010 03:24:47 PM PDT using RSA key ID A2F9E313
gpg: Can't check signature: public key not found
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
