On 10/8/2016 6:46 AM, Andrea Pescetti wrote:
Patricia Shanahan wrote:
I had to make a change in the key preferences to meet the release
signing requirements. I uploaded to a couple of servers, including MIT,
and waited a few days.
I can find mine here (note: you have to add "0x" for the search to
succeed):
http://pgp.mit.edu/pks/lookup?search=0x8F0E4C63&op=vindex&fingerprint=on
But the same search for yours (the "new" one) fails:
http://pgp.mit.edu/pks/lookup?search=0x02703386&op=vindex&fingerprint=on
Is my GPG wrong in detecting a signature (from you) with Key ID 02703386?
The Key ID is correct. When I verify e.g.
apache-openoffice-4.1.3-r1761381-src.tar.bz2.asc, I get the following
output:
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more
information
gpg: assuming signed data in `apache-openoffice-4.1.3-r1761381-src.tar.bz2'
gpg: Signature made Sat, Oct 1, 2016 1:16:07 PM PDT using RSA key ID
8F0E4C63
gpg: Good signature from "Andrea Pescetti (Release Signing Key)
<pesce...@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 6D09 7A5C A3A8 C1E5 314D 9E67 013D A51F 8F0E 4C63
gpg: Signature made Tue, Oct 4, 2016 8:03:35 PM PDT using RSA key ID
02703386
gpg: Good signature from "Patricia Shanahan <p...@acm.org>"
It looks as though the problem is with publishing the public key - my
gpg knows about it from my local files. I'll look into it. Thanks for
the information.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
