Craig L Russell wrote: > > Sounds like your info is out of date by a couple of days. > I signed Patrick's key a few days ago. >
(Signed keys are a good thing, though it doesn't look like that has propagated yet. Not sure how that happens.) The main issue that Henk raised [1] is inconsistent signatures-- the .asc file does not match the .jar file for those eight artifacts. For example: $ gpg --verify openjpa-jdbc-1.1.0.jar.asc openjpa-jdbc-1.1.0.jar gpg: Signature made Tue May 20 02:22:19 2008 UTC using DSA key ID 513CA0DC gpg: BAD signature from "Patrick Linskey (CODE SIGNING KEY) <[EMAIL PROTECTED]>" It usually means the file changed after it was signed. Given that the release was re-done, is it possible something happened then? (I do see the other vote thread now that I look, thanks for the info... Google didn't send me an alert. :/ ) [1] http://people.apache.org/~henkp/repo/ Thanks, -- Wendy -- View this message in context: http://www.nabble.com/-VOTE--Approve-OpenJPA-1.1.0-release-tp17246915p17514352.html Sent from the OpenJPA Developers mailing list archive at Nabble.com.
