THALES GROUP LIMITED DISTRIBUTION to email recipients Hello Richard,
Have you updated the KEYS file ? Because now I am able to see Markus Jung. Best Regards. -----Original Message----- From: COURTAULT Francois Sent: vendredi 12 septembre 2025 10:09 To: [email protected] Subject: RE: TomEE package verification not working THALES GROUP LIMITED DISTRIBUTION to email recipients Hello Richard, In the https://downloads.apache.org/tomee/KEYS file, I don't see any uid [ultimate] Markus Jung (CODE SIGNING KEY) <[email protected]> If I search (CODE SIGNING KEY) in the KEYS file, I get: - uid Richard Kenneth McGuire (CODE SIGNING KEY) <[email protected]> - uid Jarek Gawor (CODE SIGNING KEY) <[email protected]> - uid Jean-Louis Monteiro (CODE SIGNING KEY) <[email protected]> sig 3 043F71D8 2012-09-28 Jean-Louis Monteiro (CODE SIGNING KEY) <[email protected]> sig 043F71D8 2012-09-28 Jean-Louis Monteiro (CODE SIGNING KEY) <[email protected]> - uid [ ultime ] Jean-Louis Monteiro (CODE SIGNING KEY) <[email protected]> - uid [uneingeschränkt] Richard Zowalla (Code Signing Key) <[email protected]> sig 3 DAB472F0E5B8A431 2022-04-12 Richard Zowalla (Code Signing Key) <[email protected]> sig DAB472F0E5B8A431 2022-04-12 Richard Zowalla (Code Signing Key) <[email protected]> So no Markus Jung entry here. The only "uid [ultimate]" is set for David Blevins and not for Markus Jung. Best Regards. -----Original Message----- From: Richard Zowalla <[email protected]> Sent: jeudi 11 septembre 2025 19:15 To: [email protected] Subject: Re: TomEE package verification not working The link is correct. The key in question is contained in the file. pub rsa4096 2024-03-22 [SC] 85FBBE98D6C37CDA8A7D8FF9F9FF83A48D339D37 uid [ultimate] Markus Jung (CODE SIGNING KEY) <[email protected]> sig 3 F9FF83A48D339D37 2024-03-22 [self-signature] sub rsa4096 2024-03-22 [E] sig F9FF83A48D339D37 2024-03-22 [self-signature] The only change ist, that Markus did the Release for 10.1.1. Gruß Richard Am 11. September 2025 18:27:31 MESZ schrieb COURTAULT Francois <[email protected]>: >THALES GROUP LIMITED DISTRIBUTION to email recipients > >Hello everyone, > >In our pipeline for building TomEE Docker base images, we do this: >+ gpg --batch --verify apache-tomee-10.1.1-plus.tar.gz.asc >apache-tomee-10.1.1-plus.tar.gz >gpg: Signature made Sat Aug 16 12:18:25 2025 UTC >gpg: using RSA key 85FBBE98D6C37CDA8A7D8FF9F9FF83A48D339D37 >gpg: Can't check signature: No public key > >It was working with TomEE 10.1.0 but not anymore with TomEE 10.1.1. >The keys used are located at https://downloads.apache.org/tomee/KEYS >Is this location still valid for TomEE keys ? > >What has changed between 10.1.0 and 10.1.1 ? >How to fix this issue ? any idea ? > >Best Regards. > > >
