Hi Hiedra, All releases from Apache include code signing. The program gpg is used to verify that the release manager's signature is valid (Yishay's signature, for this release). You'll need to install it on your computer, and you'll need to import the Royale KEYS file.
Here are some links with more information: https://infra.apache.org/new-committers-guide.html#set-up-security-and-pgp-keys https://infra.apache.org/release-signing.html https://infra.apache.org/openpgp.html The Royale KEYS file: https://dist.apache.org/repos/dist/release/royale/KEYS -- Josh Tynjala Bowler Hat LLC <https://bowlerhat.dev> María José Esteve <hie...@apache.org> wrote: > I do not identify the cause of the error, gpg?: >
