Hi all, (I post in this list since I downloaded from tomcat.apache.org. If there is a more appropriate list, off course I will try overthere)
1 - Downloaded the taglibs from http://tomcat.apache.org/download-taglibs.cgi#Standard-1.2.5 2 - Downloaded the PGP signatures for the files 2 - Downloaded KEYS. (The pgp public keys from the releaser(s) of the files) 3 - Imported the keys into gpg: martijn@radijs:~/external_documents/Downloads$ gpg --import KEYS gpg: sleutel A7A0233C: publieke sleutel "Jeremy Boynes <jboy...@apache.org>" geïmporteerd gpg: Totaal aantal verwerkt: 1 gpg: geïmporteerd: 1 (RSA: 1) martijn@radijs:~/external_documents/Downloads$ 4 - checked the signature of the downloaded files: martijn@radijs:~/external_documents/Downloads$ gpg taglibs-standard-impl-1.2.5.jar.asc gpg: gegevens in `taglibs-standard-impl-1.2.5.jar' worden verondersteld ondertekend te zijn gpg: Ondertekening gemaakt op di 10 mrt 2015 17:11:32 CET met RSA sleutel-ID A7A0233C gpg: Goede handtekening van "Jeremy Boynes <jboy...@apache.org>" gpg: Noot: Deze sleutel is vervallen! Vingerafdruk van de primaire sleutel: 8B46 CA49 EF48 37B8 C7F2 92DA A54A D08E A7A0 233C It's in dutch :-) The message is telling me that the file is signed by key A7A0233C (I never did sign this key myself..there is no trust..so gpg also tells me that) Then gpg tells me "This key is expired"!!! I'm not sure what to think of this...Is this a problem, or am I just to paranoid? Can anyone shine his/her light on this. -- Met vriendelijke groet, Martijn Bos (Public pgp-key : http://maboc.nl/pubkey.maboc.asc)
signature.asc
Description: Digital signature