Sorry, the package has the wrong sign certificate. I'll close the rc1 for 2.9.2 and open start the rc2.
On 2022/01/24 09:33:32 PengHui Li wrote: > The Signature failed to verify > > ``` > ~/Downloads/release_2.9.2 ยป gpg --verify apache-pulsar-2.9.2-bin.tar.gz.asc > gpg: assuming signed data in 'apache-pulsar-2.9.2-bin.tar.gz' > gpg: Signature made Sat Jan 22 21:28:07 2022 CST > gpg: using RSA key 9F6FE6F28CC92CCB54B4E6F6C54B95E1C9106DA3 > gpg: Can't check signature: No public key > ``` > > Looks you are using a different key from the uploaded one. > > Regards, > Penghui > > On Sun, Jan 23, 2022 at 9:25 PM Ran Gao <r...@apache.org> wrote: > > > This is the first release candidate for Apache Pulsar, version 2.9.2. > > > > It fixes the many issues and the log4j security problem. > > > > *** Please download, test, and vote on this release. This vote will stay > > open > > for at least 72 hours *** > > > > Note that we are voting upon the source (tag), binaries are provided for > > convenience. > > > > Source and binary files: > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-2.9.2-candidate-1/ > > > > SHA-512 checksums: > > > > > > ccecec6ed53e9aea8882be0ee8d3e2dd353cde48033dad329d907580e2e472ac4b63e5467ccc5ec218ed7095a275526d78f7b9efb0dc467af4113848c2462673 > > ./apache-pulsar-2.9.2-bin.tar.gz > > > > ebc4422c7a293aaa2aa32cb1dbd0e7a96e1848ae0a6ad70fe14a672359704085e98a40d9f97af472306f4eba798615836485782f8975738a6771087f9dfb3cbe > > ./apache-pulsar-2.9.2-src.tar.gz > > > > Maven staging repo: > > https://repository.apache.org/content/repositories/orgapachepulsar-1132/ > > > > The tag to be voted upon: > > v2.9.2-candidate-1 (8a5d2253b888b3b865a2aedf635d6727777821c7) > > https://github.com/apache/pulsar/releases/tag/v2.9.2-candidate-1 > > > > Pulsar's KEYS file containing PGP keys we use to sign the release: > > https://dist.apache.org/repos/dist/dev/pulsar/KEYS > > > > Please download the source package, and follow the README to build > > and run the Pulsar standalone service. > > >
