Sorry about that folks - I've corrected the signatures now. Please feel free to check now.
--larry On Thu, Apr 16, 2020 at 7:09 AM Sandeep Moré <moresand...@gmail.com> wrote: > I am getting the same error as well, looks like the key used to sign the > release has changed. > It also appears that we do not have the tar.gz file for knox-1.4.0-src > (i.e. knox-1.4.0-src.tar.gz) > > > > > > > > > > *gpg --list-keys | grep -B 2 Larrypub rsa4096 2013-10-08 [SC] > CB951DC938391FE207682BB582F9C371587C089Buid [ unknown] Larry > McCay (CODE SIGNING KEY) <lmc...@apache.org <lmc...@apache.org>>--pub > rsa4096 2014-06-16 [SCEA] [revoked: 2016-08-16] > E633929ED2B59AE4D37C9B4A9F6D85AC587C089Buid [ revoked] Larry > McCay (CODE SIGNING KEY) <lmc...@apache.org <lmc...@apache.org>>* > > > On Thu, Apr 16, 2020 at 6:49 AM Sandor Molnar <smol...@cloudera.com.invalid > > > wrote: > > > Thank you, Larry, for preparing the new release! > > > > I tried to verify the signature of knox-1.4.0.zip using GPG but > > verification failed for me with the following error: > > > > $ gpg --import KEYS > > gpg: directory 'XXX' created > > gpg: keybox 'XXX/pubring.kbx' created > > gpg: key 82F9C371587C089B: 1 signature not checked due to a missing key > > gpg: XXX/trustdb.gpg: trustdb created > > gpg: key 82F9C371587C089B: public key "Larry McCay (CODE SIGNING KEY) < > > lmc...@apache.org>" imported > > gpg: key 57846920EACB2DAE: 2 signatures not checked due to missing keys > > gpg: key 57846920EACB2DAE: public key "Kevin Minder (Code signing) < > > kmin...@apache.org>" imported > > gpg: key 2B5842B902C74EAE: public key "Sumit Gupta <su...@apache.org>" > > imported > > gpg: key 12D51C2DE72B5D09: public key "Kevin Risden (CODE SIGNING KEY) < > > kris...@apache.org>" imported > > gpg: Total number processed: 4 > > gpg: imported: 4 > > gpg: no ultimately trusted keys found > > > > $ gpg --verify knox-1.4.0.zip.asc > > gpg: assuming signed data in 'knox-1.4.0.zip' > > gpg: Signature made Wed Apr 15 02:36:28 2020 CEST > > gpg: using RSA key > 7AEC60D6E92792CCE08CDEDE3704A2F46A6B52DF > > gpg: Can't check signature: No public key > > > > Could you please let me know if I'm doing something wrong or the KEYS > file > > is incorrect? > > > > Thanks, > > Sandor > > > > P.S.: the rest seems to be OK. I deployed/started Knox, reached the new > > Home PAge, logged into Admin UI, tested some of the new features. > > > > On Wed, Apr 15, 2020 at 3:01 AM larry mccay <lmc...@apache.org> wrote: > > > > > All - > > > > > > A candidate for the Apache Knox 1.4.0 release is available at: > > > > > > https://dist.apache.org/repos/dist/dev/knox/knox-1.4.0/ > > > > > > The release candidate is a zip archive of the sources in: > > > > > > https://https://gitbox.apache.org/repos/asf/knox.git > > > Branch v1.4.0 (git checkout -b v1.4.0) > > > > > > The KEYS file for signature validation is available at: > > > https://dist.apache.org/repos/dist/release/knox/KEYS > > > > > > To assist in testing the knoxshell features you can find the new > > KnoxShell > > > User Guide at > > > http://knox.apache.org/books/knox-1-4-0/knoxshell_user_guide.html > > > > > > Gateway User Guide: > > > http://knox.apache.org/books/knox-1-4-0/user-guide.html > > > > > > Dev Guide: http://knox.apache.org/books/knox-1-4-0/dev-guide.html > > > > > > Please vote on releasing this package as Apache Knox 1.4.0. > > > The vote is open for the next 72 hours and passes if a majority of at > > > least three +1 Apache Knox PMC votes are cast. > > > > > > [ ] +1 Release this package as Apache Knox 1.4.0 > > > [ ] -1 Do not release this package because... > > > > > > thanks, > > > > > > --larry > > > > > >