On Wed, Sep 29, 2010 at 9:14 AM, Richard Hirsch <[email protected]> wrote: > I tried it locally and got this: > > D:\apache\Release>gpg --verify apache-esme-1.1-incubating.src.tar.gz.asc > gpg: Signature made 09/24/10 14:55:32 using RSA key ID FA51B6C5 > gpg: Good signature from "Richard Hirsch (CODE SIGNING KEY) > <[email protected]> > " > > Could it be that I created my key incorrectly - I'm still a novice in > that area :->
The problem is that neither of the following files contain that FA51B6C5 key, so you probably need to update them by re-exporting that FA51B6C5 key: http://svn.apache.org/repos/asf/incubator/esme/trunk/KEYS http://apache.org/dist/incubator/esme/KEYS both contain your other 6FACF917 key (tested with curl <that URL> | gpg --import) - the binary block in them is the same despite the header saying otherwise. The signature of the .asc file is obviously right according to your test, but people should be able to get your key from those files. -Bertrand
