Sorry to be such a pest... On Wed, Sep 29, 2010 at 9:34 AM, Bertrand Delacretaz <[email protected]> wrote: > On Wed, Sep 29, 2010 at 9:14 AM, Richard Hirsch <[email protected]> wrote: >> I tried it locally and got this: >> >> D:\apache\Release>gpg --verify apache-esme-1.1-incubating.src.tar.gz.asc >> gpg: Signature made 09/24/10 14:55:32 using RSA key ID FA51B6C5 >> gpg: Good signature from "Richard Hirsch (CODE SIGNING KEY) >> <[email protected]> >> " >> >> Could it be that I created my key incorrectly - I'm still a novice in >> that area :-> > > The problem is that neither of the following files contain that > FA51B6C5 key, so you probably need to update them by re-exporting that > FA51B6C5 key:
But the line "pub 4096R/FA51B6C5 2010-09-21" is in http://svn.apache.org/repos/asf/incubator/esme/trunk/KEYS how do I re-export them using the FA51B6C5 key? > > http://svn.apache.org/repos/asf/incubator/esme/trunk/KEYS > http://apache.org/dist/incubator/esme/KEYS > > both contain your other 6FACF917 key (tested with curl <that URL> | > gpg --import) - the binary block in them is the same despite the > header saying otherwise. > > The signature of the .asc file is obviously right according to your > test, but people should be able to get your key from those files. > > -Bertrand >
