On Tue, Sep 28, 2010 at 11:59 AM, Richard Hirsch <[email protected]> wrote: > I had to create a new KEYS file, because I had a hard-disk crash and > lost my old gpg installation. In the meantime, I also have a new > laptop. So I created a new KEYS file on the new machine.
Fine, but doing the following doesn't allow me to verify the signature on the release candidate, does that work for you? $ curl -s http://svn.apache.org/repos/asf/incubator/esme/trunk/KEYS | gpg --import gpg: key 6FACF917: public key "Richard Hirsch (CODE SIGNING KEY) <[email protected]>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) $ gpg --verify apache-esme-1.1-incubating.src.tar.gz.asc gpg: Signature made Fri Sep 24 14:55:32 2010 CEST using RSA key ID FA51B6C5 gpg: Can't check signature: public key not found -Bertrand
