The KEYS file seems to be missing the fingerprint for the key that signed these binaries.
Missing fingerprint: B898 C51C 5FD4 0C64 6AF1 BA49 1E56 A374 F7FA 8357

wget -q http://www.apache.org/dist/cayenne/KEYS
gpg --import KEYS
find . -name '*.asc' -exec gpg --verify '{}' ';'

gpg: assuming signed data in './cayenne-5.0-M1-src.tar.gz'
gpg: Signature made Wed Aug 21 03:13:52 2024 CDT
gpg: using RSA key *B898C51C5FD40C646AF1BA491E56A374F7FA8357*
gpg: *Can't check signature: No public key*
gpg: assuming signed data in './cayenne-5.0-M1-macosx.dmg'
gpg: Signature made Wed Aug 21 03:13:52 2024 CDT
gpg: using RSA key B898C51C5FD40C646AF1BA491E56A374F7FA8357
gpg: Can't check signature: No public key
gpg: assuming signed data in './cayenne-5.0-M1-win.zip'
gpg: Signature made Wed Aug 21 03:13:53 2024 CDT
gpg: using RSA key B898C51C5FD40C646AF1BA491E56A374F7FA8357
gpg: Can't check signature: No public key
gpg: assuming signed data in './cayenne-5.0-M1.tar.gz'
gpg: Signature made Wed Aug 21 03:13:52 2024 CDT
gpg: using RSA key B898C51C5FD40C646AF1BA491E56A374F7FA8357
gpg: Can't check signature: No public key

On Wed, Aug 21, 2024 at 3:39 AM Nikita Timofeev <ntimof...@objectstyle.com> wrote:

> Hi all,
>
> Here is the first milestone release of 5.0.
> It's primarily focusing on dropping and refactoring older stuff (no more
> ROP), but has some nice features too.
> Overall it contains 116 issues in Jira.
>
> Release notes:
> https://github.com/apache/cayenne/blob/5.0-M1/RELEASE-NOTES.txt
> Maven repo:
> https://repository.apache.org/content/repositories/orgapachecayenne-1057/
> Assemblies: https://dist.apache.org/repos/dist/dev/cayenne/5.0-M1/
>
> Please evaluate and cast your votes
>
> --
> Best regards,
> Nikita Timofeev
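
An added example, not part of the original message or of the Cayenne project: a Python script that reads gpg's machine-readable `--status-fd` output rather than the human-readable lines above, and separates signatures that fail only because the signing key is absent from the keyring from signatures that are actually bad. `SAMPLE_STATUS` is constructed (only the fingerprint comes from the message), and the function names are this example's own.

```python
#!/usr/bin/env python3
"""Triage detached signatures: absent key vs. bad signature (added example)."""
import pathlib
import subprocess
import sys

# Constructed status output for one .asc whose signing key is not in the keyring.
# Only the fingerprint comes from the message; the other fields are illustrative.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 1E56A374F7FA8357 1 10 00 1724227200 9 B898C51C5FD40C646AF1BA491E56A374F7FA8357
[GNUPG:] NO_PUBKEY 1E56A374F7FA8357
"""

def classify(status_text):
    """Reduce `gpg --status-fd` lines for one signature to (verdict, key)."""
    seen = {}
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) > 2 and parts[0] == "[GNUPG:]":
            seen.setdefault(parts[1], parts[2:])
    if "BADSIG" in seen:                       # data does not match the signature
        return "bad", seen["BADSIG"][0]
    for tag in ("EXPSIG", "EXPKEYSIG", "REVKEYSIG"):
        if tag in seen:                        # verifies, but needs a human decision
            return "expired-or-revoked", seen[tag][0]
    if "GOODSIG" in seen and "VALIDSIG" in seen:
        return "good", seen["VALIDSIG"][0]     # VALIDSIG carries the full fingerprint
    if "ERRSIG" in seen and len(seen["ERRSIG"]) > 5:
        a = seen["ERRSIG"]                     # keyid pkalgo hashalgo class time rc [fpr]
        key = a[6] if len(a) > 6 and a[6] != "-" else a[0]
        return ("no-pubkey" if a[5] == "9" else "error"), key   # rc 9: missing key
    if "NO_PUBKEY" in seen:
        return "no-pubkey", seen["NO_PUBKEY"][0]
    return "unknown", None

def check(sig_path):
    """Verify one detached signature; gpg infers the data file from the name."""
    cmd = ["gpg", "--batch", "--status-fd", "1", "--verify", str(sig_path)]
    return classify(subprocess.run(cmd, capture_output=True, text=True).stdout)

if __name__ == "__main__":
    root = pathlib.Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    results = [(sig, *check(sig)) for sig in sorted(root.rglob("*.asc"))]
    for sig, verdict, key in results:
        print(f"{verdict:<18} {key}  {sig}")
    missing = sorted({key for _, v, key in results if v == "no-pubkey"})
    if missing:
        print("signing keys absent from the keyring:", ", ".join(missing))
    sys.exit(0 if results and all(v == "good" for _, v, _ in results) else 1)
```

A `good` verdict only means the signature verifies against some key in the local keyring; whether that key is one published in the project's KEYS file is a separate check.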