Udo Rader created CLOUDSTACK-9070: ------------------------------------- Summary: 4.5.x source downloads from apache.org fail gpg integrity test Key: CLOUDSTACK-9070 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9070 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Install and Setup Affects Versions: 4.5.2, 4.5.1 Reporter: Udo Rader
as described in http://markmail.org/message/37udf7djizul5xuf the currently available source downloads fail the gpg integrity check because the key used to sign the packages is missing from http://www.apache.org/dist/cloudstack/KEYS -------CUT----- [udo@artio Downloads]$ gpg --verify apache-cloudstack-4.5.2-src.tar.bz2.asc gpg: assuming signed data in `apache-cloudstack-4.5.2-src.tar.bz2' gpg: Signature made Wed 19 Aug 2015 11:13:04 AM CEST using RSA key ID 0EE3D884 gpg: Can't check signature: public key not found -------CUT----- applies to 4.5.1 and 4.5.2 at least. At least to me this makes the integrity of the source downloads dubious ... -- This message was sent by Atlassian JIRA (v6.3.4#6332)