On Mon, 5 Nov 2018, Justin Mclean wrote:
Date: Mon, 5 Nov 2018 11:15:41 +0100
From: Justin Mclean <jus...@classsoftware.com>
To: general@incubator.apache.org
Subject: Re: [VOTE] Release of Apache Crail-1.1-incubating [rc3]
It is signed with an Apache email address:
$ gpg --verify apache-crail-1.1-incubating-src.tar.gz.asc
gpg: assuming signed data in `apache-crail-1.1-incubating-src.tar.gz'
gpg: Signature made Fri 26 Oct 2018 12:50:58 PM CEST using RSA key ID AA557B11
gpg: Good signature from "Jonas Pfefferle <peppe...@apache.org>”
Odd I get:
gpg: assuming signed data in 'apache-crail-1.1-incubating-bin.tar.gz'
gpg: Signature made Fri 26 Oct 21:50:58 2018 AEDT
gpg: using RSA key 9C196C5FAA557B11
gpg: Good signature from "Jonas Pfefferle <j...@zurich.ibm.com>" [unknown]
But it’s not a big issue or one that stops you making a release.
On 2018-08-21 Pfefferle added uid "peppe...@apache.org"
and revoked (the selfsig on) uid "j...@zurich.ibm.com".
Maybe you didn't refresh the signing key before using "gpg --verify".
gpg -v --refresh 0x9C196C5FAA557B11
Hint: always use the two-argument --verify
gpg --verify OBJ.asc OBJ
If OBJ.asc is erroneously created with --sign [-s] instead of
--detach-sign [-b], then the two-argument --verify gives an error.
Justin
Groeten,
HPP
------------------------------------------------------------ _
Henk P. Penning, ICT-beta R Uithof MG-403 _/ \_
Faculty of Science, Utrecht University T +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
