velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nathan Bubna" <nbu...@gmail.com>
Subject Re: Missing key for Velocity-Tools?
Date Wed, 09 Aug 2006 17:43:00 GMT
And it sure looks like my key is still in the KEYS file:

http://www.apache.org/dist/jakarta/velocity/KEYS

same id and all...

On 8/9/06, Nathan Bubna <nbubna@gmail.com> wrote:
> Yep, WinPT tells me that that is indeed my key ID.
>
> On 8/9/06, Paul Lynch <plynchnlm@gmail.com> wrote:
> > Nathan,
> >     I was able to get a key for you from pgp.mit.edu.  Are you able to
> > confirm that either the following key ID or fingerprint are yours?  (I
> > barely understand pgp myself, and I have no idea which of the two you should
> > confirm for me to trust it, so either will do. :-) )
> >
> > key ID 4885CED1
> > Primary key fingerprint: 7B97 51FC 3F01 F134 F476  464C D0EB 627D 4885 CED1
> >
> >    If you don't know, that's okay.  I just won't worry about it.
> >    Thanks,
> >             --Paul
> >
> > p.s.  After my import of the key from pgp.mit.edu, I no longer got the
> > "public key not found message", which makes suspect your key is not in the
> > KEYS file.
> >
> > On 8/8/06, Nathan Bubna <nbubna@gmail.com> wrote:
> > >
> > > hmm.  that's odd.  i know i changed keys a while ago, but i updated
> > > all the signatures of the releases when i did that.  and Henk Penning
> > > keeps a pretty tight watch on these with some script he runs.  you can
> > > see the latest signature problems of all apache releases on his user
> > > page:
> > >
> > > http://people.apache.org/~henkp/checker/sig.html
> > >
> > > it was via that that he noticed my key change and asked me to update
> > > my signatures.  i did and he hasn't complained since.
> > >
> > > anyway, i only bother with all this stuff every few years when i roll
> > > a release.  i don't remember very well how it all works, but couldn't
> > > you try another keyserver or something?
> > >
> > > On 8/8/06, Paul Lynch <plynchnlm@gmail.com> wrote:
> > > > I tried to verify the signature on the current velocity-tool binary
> > > > download, and got the following message:
> > > >
> > > > > gpg --verify velocity-tools-1.2.tar.gz.asc
> > > > gpg: Signature made Mon 14 Nov 2005 01:18:33 PM EST using DSA key ID
> > > > 4885CED1
> > > > gpg: Can't check signature: public key not found
> > > >
> > > > This occurred *after* I had run gpg --import on the KEYS file from the
> > > > download page.  (There are two KEYS files there, one for velocity and
> > > one
> > > > for velocity-tools; I imported both, and still got the error.)  Is it
> > > > possible that the key used to sign the download file is not in the KEYS
> > > > file?
> > > >
> > > > Thanks,
> > > >         --Paul Lynch
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: velocity-user-help@jakarta.apache.org
> > >
> > >
> >
> >
>

---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org


Mime
View raw message