Not so good. Here's what I get after downloading the two files:
[CraigRussell:~/Downloads] clr% gpg --verify commons-chain-1.2- bin.tar.gz.asc gpg: Signature made Tue May 5 22:13:09 2009 PDT using DSA key ID 42196CA8
gpg: Can't check signature: public key not found [CraigRussell:~/Downloads] clr% gpg --recv-keys 42196CA8 gpg: requesting key 42196CA8 from hkp server subkeys.pgp.net gpgkeys: key 42196CA8 not found on keyserver gpg: no valid OpenPGP data found. gpg: Total number processed: 0I'm no expert but it doesn't appear like the DSA key can be checked by gpg like all the Apache releases.
Craig On May 5, 2009, at 10:42 PM, Christian Grobmeier wrote:
Why not try creating a signature for an existing Commons release, e.g. IO? Upload it to your home directory on people, along with the public key,and some of us can see if it is usable.That would be great! Thanks! Here are the urls: http://people.apache.org/~grobmeier/test/commons-chain-1.2-bin.tar.gz http://people.apache.org/~grobmeier/test/commons-chain-1.2-bin.tar.gz.asc Cheers, Christian --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Craig L Russell Architect, Sun Java Enterprise System http://db.apache.org/jdo 408 276-5638 mailto:[email protected] P.S. A good JDO? O, Gasp!
smime.p7s
Description: S/MIME cryptographic signature
