They fail for me too.

I added some standard instructions to the KEYS file. Dave, you also need to run:

gpg --fingerprint --list-sigs <your key name>

and put it above the public key, as with:

http://www.apache.org/dist/jakarta/commons/fileupload/KEYS

The files are signed with 17AA5B25, but KEYS contains 456DFEA9.

Running 'gpg --list-secret-keys' should help here. I'm guessing it's
going to show two keys.

Hen

On 5/28/06, Anil Gangolli <[EMAIL PROTECTED]> wrote:

Has anyone been able to verify the signature on the rc4 package?

I'm a gpg novice, but from what I can tell the keyId of the key used to sign 
the package doesn't match the key id of Dave's key I obtained from /roller/KEYS.

Is this my problem or not?

--a.

-------------

% gpg --verify apache-roller-2.3-rc4-incubating.tar.gz.asc.txt apache-roller-2.3-rc4-incubating.tar.gz
gpg: Signature made Wed 24 May 2006 05:44:22 PM PDT using DSA key ID 17AA5B25
gpg: Can't check signature: public key not found

Here's the info on the sole key I got from /roller/KEYS in the repository.


% gpg --list-keys "David"
pub  1024D/456DFEA9 2006-05-17 David M. Johnson (Dave Johnson) <[EMAIL PROTECTED]>
sub  2048g/07AE9419 2006-05-17
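
The comparison made by hand in this thread, as an added example that is not part of the original messages: it takes the text printed by `gpg --verify` and `gpg --list-keys` and reports whether the signing key ID appears among the keys taken from KEYS. The function names are hypothetical, and the longer-ID wording handled for newer gpg output is an assumption; the sample text is the output quoted in the message above.

```python
import re

# Signing key as gpg --verify prints it on this page: "using DSA key ID 17AA5B25".
# The optional "ID " also accepts a longer hex ID (assumed newer gpg wording).
SIG_RE = re.compile(r"using \w+ key (?:ID )?(?:0x)?([0-9A-Fa-f]{8,40})\b")
# Key lines as gpg --list-keys prints them on this page: "pub  1024D/456DFEA9 ...".
KEY_RE = re.compile(r"^(pub|sub)\s+\w+/(?:0x)?([0-9A-Fa-f]{8,40})\b", re.M)

# Output quoted in the thread above (e-mail address already redacted by the archive).
VERIFY_OUT = """\
gpg: Signature made Wed 24 May 2006 05:44:22 PM PDT using DSA key ID 17AA5B25
gpg: Can't check signature: public key not found
"""
LIST_OUT = """\
pub  1024D/456DFEA9 2006-05-17 David M. Johnson (Dave Johnson) <[EMAIL PROTECTED]>
sub  2048g/07AE9419 2006-05-17
"""

def signing_key_id(verify_output):
    """Return the key ID named in the 'Signature made' line, or None."""
    m = SIG_RE.search(verify_output)
    return m.group(1).upper() if m else None

def listed_key_ids(list_keys_output):
    """Return (kind, key_id) for every pub/sub line in the listing."""
    return [(kind, kid.upper()) for kind, kid in KEY_RE.findall(list_keys_output)]

def same_key(a, b):
    """A short ID is the tail of the long ID, so compare on the shorter length."""
    n = min(len(a), len(b))
    return a[-n:] == b[-n:]

def check_release(verify_output, list_keys_output):
    """Return (status, signer): 'listed', 'not-in-KEYS' or 'no-signature-line'."""
    signer = signing_key_id(verify_output)
    if signer is None:
        return ("no-signature-line", None)
    for _kind, kid in listed_key_ids(list_keys_output):
        if same_key(signer, kid):
            return ("listed", signer)
    return ("not-in-KEYS", signer)

if __name__ == "__main__":
    status, signer = check_release(VERIFY_OUT, LIST_OUT)
    print(f"signing key {signer}: {status}")
```

A "listed" result only says which key to look at; 8-digit key IDs are not unique, so the key's full fingerprint still has to be compared and `gpg --verify` has to report a good signature.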




