I tried it locally and got this: D:\apache\Release>gpg --verify apache-esme-1.1-incubating.src.tar.gz.asc gpg: Signature made 09/24/10 14:55:32 using RSA key ID FA51B6C5 gpg: Good signature from "Richard Hirsch (CODE SIGNING KEY) <[email protected]> "
Could it be that I created my key incorrectly - I'm still a novice in that area :-> D. On Tue, Sep 28, 2010 at 12:12 PM, Bertrand Delacretaz <[email protected]> wrote: > On Tue, Sep 28, 2010 at 11:59 AM, Richard Hirsch <[email protected]> > wrote: >> I had to create a new KEYS file, because I had a hard-disk crash and >> lost my old gpg installation. In the meantime, I also have a new >> laptop. So I created a new KEYS file on the new machine. > > Fine, but doing the following doesn't allow me to verify the signature > on the release candidate, does that work for you? > > $ curl -s http://svn.apache.org/repos/asf/incubator/esme/trunk/KEYS | > gpg --import > gpg: key 6FACF917: public key "Richard Hirsch (CODE SIGNING KEY) > <[email protected]>" imported > gpg: Total number processed: 1 > gpg: imported: 1 (RSA: 1) > > $ gpg --verify apache-esme-1.1-incubating.src.tar.gz.asc > gpg: Signature made Fri Sep 24 14:55:32 2010 CEST using RSA key ID FA51B6C5 > gpg: Can't check signature: public key not found > > -Bertrand >
