The signature verifies properly using key 17AA5B25 fetched from
pgp.mit.edu.
% gpg --keyserver pgp.mit.edu --recv-key 17AA5B25
gpg: key 17AA5B25: public key "David Johnson <[EMAIL PROTECTED]>"
imported
gpg: Total number processed: 1
gpg: imported: 1
% gpg --verify apache-roller-2.3-rc4-incubating.tar.gz.asc.txt
apache-roller-2.3-rc4-incubating.tar.gz
gpg: Signature made Wed 24 May 2006 05:44:22 PM PDT using DSA key ID
17AA5B25
gpg: Good signature from "David Johnson <[EMAIL PROTECTED]>"
...
I've got a pretty minimal trustdb, so there were trust complaints, but the
signature looks good.
----- Original Message -----
From: "Dave Johnson" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, May 29, 2006 9:00 PM
Subject: Re: signature verification on 2.3 RC4 package?
OK. I have now uploaded my correct key (the one from the ApacheCon
2005 key-signing) to pgp.mit.edu and put it into the KEYS file.
Henri and Anil, will you please try again to verify RC4.
- Dave
On 5/29/06, Henri Yandell <[EMAIL PROTECTED]> wrote:
On 5/28/06, Noel J. Bergman <[EMAIL PROTECTED]> wrote:
> Henri Yandell wrote:
>
> > The files are signed with 17AA5B25, but KEYS contains 456DFEA9.
>
> Can you check that again? I have not tried to verify the signatures,
> but my
> handwritten info from AC US 2005 for his key indicate 17AAB525, not
> 17AA5B25. Neither is posted to the PGP servers, e.g., pgp.mit.edu.
copy and pasting:
"gpg: Signature made Wed May 24 17:45:11 2006 PDT using DSA key ID
17AA5B25"
> > pub 1024D/456DFEA9 2006-05-17 David M. Johnson \
> > (Dave Johnson) <[EMAIL PROTECTED]>
>
> New key? I suppose that he can get Ken and/or Sam to sign it, since
> they
> are local.
Or accidentally signed with his email key as opposed to release key.
Reminds me that I have to get my key signed in Dublin.
Hen
