Hi Chris, AFAICT we don't sign the RPM (nor deb) package using rpmsign (nor debsign). Instead there is an .asc file that contains the signature. [1] describes the process in general for the ASF. [2] contains the .asc files and describes the verification procedure.
Kind Regards, Stefan [1] https://www.apache.org/dev/release-signing.html#basic-facts [2] https://directory.apache.org/apacheds/download/download-linux-rpm.html On 05/20/2015 10:22 PM, Cralle, Chris wrote: > Hello Apache Dev, > > I am attempting to validate the apacheds rpms using the RPM Signature. But > so far, I have been unable locate a single matching public GPG key that was > used sign any of your linux rpms? > > Where/How do you build your rpms, and what key is being used to sign them. > > So far I have checked M20, M18, M17, they all have differnent rpm signatures. > And none of them are in the master KEYS file. Nor could I find them on the > pgp mit server. > > > > Thanks, > Chris Crallé > EMC RSA 10700 Parkridge Blvd., 3rd Floor | Reston, VA 20191 > > >
