The Signature failed to verify ``` ~/Downloads/release_2.9.2 ยป gpg --verify apache-pulsar-2.9.2-bin.tar.gz.asc gpg: assuming signed data in 'apache-pulsar-2.9.2-bin.tar.gz' gpg: Signature made Sat Jan 22 21:28:07 2022 CST gpg: using RSA key 9F6FE6F28CC92CCB54B4E6F6C54B95E1C9106DA3 gpg: Can't check signature: No public key ```
Looks you are using a different key from the uploaded one. Regards, Penghui On Sun, Jan 23, 2022 at 9:25 PM Ran Gao <r...@apache.org> wrote: > This is the first release candidate for Apache Pulsar, version 2.9.2. > > It fixes the many issues and the log4j security problem. > > *** Please download, test, and vote on this release. This vote will stay > open > for at least 72 hours *** > > Note that we are voting upon the source (tag), binaries are provided for > convenience. > > Source and binary files: > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-2.9.2-candidate-1/ > > SHA-512 checksums: > > > ccecec6ed53e9aea8882be0ee8d3e2dd353cde48033dad329d907580e2e472ac4b63e5467ccc5ec218ed7095a275526d78f7b9efb0dc467af4113848c2462673 > ./apache-pulsar-2.9.2-bin.tar.gz > > ebc4422c7a293aaa2aa32cb1dbd0e7a96e1848ae0a6ad70fe14a672359704085e98a40d9f97af472306f4eba798615836485782f8975738a6771087f9dfb3cbe > ./apache-pulsar-2.9.2-src.tar.gz > > Maven staging repo: > https://repository.apache.org/content/repositories/orgapachepulsar-1132/ > > The tag to be voted upon: > v2.9.2-candidate-1 (8a5d2253b888b3b865a2aedf635d6727777821c7) > https://github.com/apache/pulsar/releases/tag/v2.9.2-candidate-1 > > Pulsar's KEYS file containing PGP keys we use to sign the release: > https://dist.apache.org/repos/dist/dev/pulsar/KEYS > > Please download the source package, and follow the README to build > and run the Pulsar standalone service. >
