Hi Nixon- thanks for the reply. I edited it to (ultimately) trust it but still get a BAD signature. $ gpg --verify apache-atlas-2.0.0-sources.tar.gz.asc apache-atlas-2.0.0-sources.tar.gz gpg: Signature made Mon May 6 20:59:44 2019 Universal gpg: using RSA key BC908209E9E065EA4BEB7F9360843E5397FDDE92 gpg: BAD signature from "Sarath Subramanian <[email protected]>" [ultimate]
From: Nixon Rodrigues <[email protected]> Sent: Tuesday, June 04, 2019 9:41 AM To: [email protected] Subject: Re: gpg BAD signature Steve, I am not facing issue with signature from [email protected]<mailto:[email protected]>. nixon@MacBook-Pro release2.0-testing $ gpg --receive-keys BC908209E9E065EA4BEB7F9360843E5397FDDE92 gpg: key 60843E5397FDDE92: public key "Sarath Subramanian <[email protected]<mailto:[email protected]>>" imported gpg: Total number processed: 1 gpg: imported: 1 nixon@MacBook-Pro release2.0-testing $ gpg --verify apache-atlas-2.0.0-sources.tar.gz.asc apache-atlas-2.0.0-sources.tar.gz gpg: Signature made Tue May 7 02:29:44 2019 IST gpg: using RSA key BC908209E9E065EA4BEB7F9360843E5397FDDE92 gpg: Good signature from "Sarath Subramanian <[email protected]<mailto:[email protected]>>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. can you edit sarath's key to trust it. "gpg --edit-key [email protected]<mailto:[email protected]>" Nixon On Tue, Jun 4, 2019 at 6:08 PM Vejcik, Steve <[email protected]<mailto:[email protected]>> wrote: Hi all- Looking forward to kicking the tires on Atlas. Anyone have= any issues verifying the signature from the 2.0 source tarball? $ gpg --verify apache-atlas-2.0.0-sources.tar.gz.asc apache-atlas-2.0.0-sou= rces.tar.gz.1 gpg: Signature made Mon May 6 20:59:44 2019 Universal gpg: using RSA key BC908209E9E065EA4BEB7F9360843E5397FDDE92 gpg: BAD signature from "Sarath Subramanian <[email protected]<mailto:[email protected]>>" [unknown] Before this, I imported the Keys and noted 6 keys including: gpg: key 60843E5397FDDE92: public key "Sarath Subramanian <[email protected]= g>" imported which does not match the key returned from the verify command. Ideas? Does it matter?
