I'm not able to verify the signature against the provided KEYS file; does a key need to be added?

$ /usr/lib/rpm/redhat/gpgverify --keyring=/home/jered/fedora-scm/trafficserver/KEYS --signature=/home/jered/fedora-scm/trafficserver/trafficserver-9.2.6.tar.bz2.asc --data=/home/jered/fedora-scm/trafficserver/trafficserver-9.2.6.tar.bz2
gpgv: Signature made Tue 12 Nov 2024 07:03:29 PM UTC
gpgv: using RSA key 73144AA83B10A97B04C1E98315AD62E940104E96
gpgv: Can't check signature: No public key
gpgverify: Signature verification failed.

--Jered

----- On Nov 12, 2024, at 3:31 PM, Evan Zelkowitz <e...@apache.org> wrote:

> I've prepared a release for 9.2.6. The release notes are available at:
>
> https://github.com/apache/trafficserver/milestone/77
> https://docs.trafficserver.apache.org/en/latest/release-notes/upgrading.en.html
>
> or for a brief ChangeLog:
>
> https://github.com/apache/trafficserver/blob/9.2.x/CHANGELOG-9.2.6
>
> The artifacts are available for download at:
>
> https://dist.apache.org/repos/dist/dev/trafficserver/9.2.6/
>
> SHA512 checksum:
> de5666847616db699d81ee32450adbbd5e5ccf3e6ca16ec679e432e3f8c7d7095bcb9e688c6ea759b7a4a57fc2db6af5bda9df94710245c320686107a159b204
>
> This corresponds to git refs:
>
> Hash: de3e58726f6f58a95266a41eaa31ff3c6fc14336
> Tag: 9.2.6-rc0
>
> Which can be verified with the following command:
>
> $ git tag -v 9.2.6-rc0
>
> All code signing keys are available here:
>
> https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
>
> Make sure you refresh from a key server to get all relevant signatures
>
> Please test and cast your votes as early as possible.
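
gpgv prints "No public key" when the key it names is not in the keyring it was given. As an added example (not part of the thread, and not the project's or Fedora's tooling), the script below compares the key named in gpgv output with the fingerprints in a `gpg --show-keys --with-colons KEYS` listing; the function names and the key listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The gpgv lines are the output quoted in
# the message; the key listing is constructed sample data.

# Print the signing key (fingerprint or long key ID) named in gpgv output on stdin.
signer_from_gpgv() {
    sed -n 's/^gpgv: *using [A-Za-z0-9]* key \([0-9A-Fa-f]\{16,40\}\)[[:space:]]*$/\1/p' |
        head -n 1 | tr 'abcdef' 'ABCDEF'
}

# keyring_has_signer SIGNER LISTING: succeed if SIGNER equals the tail of any
# "fpr" record (field 10; primary keys and subkeys) in a --with-colons listing.
keyring_has_signer() {
    [ -n "$1" ] || return 2
    awk -F: -v want="$1" '
        $1 == "fpr" {
            fpr = toupper($10); n = length(fpr) - length(want)
            if (n >= 0 && substr(fpr, n + 1) == want) found = 1
        }
        END { exit(found ? 0 : 1) }' "$2"
}

# diagnose GPGV_OUTPUT LISTING: print "present <key>" or "missing <key>".
diagnose() {
    signer=$(signer_from_gpgv < "$1")
    [ -n "$signer" ] || { echo "no signing key found in gpgv output"; return 2; }
    if keyring_has_signer "$signer" "$2"; then echo "present $signer"
    else echo "missing $signer"; fi
}

# Demo: write the sample files to a temp dir and print the verdict.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/gpgv.txt" <<'EOF'
gpgv: Signature made Tue 12 Nov 2024 07:03:29 PM UTC
gpgv: using RSA key 73144AA83B10A97B04C1E98315AD62E940104E96
gpgv: Can't check signature: No public key
EOF
    # Constructed listing, in the format of: gpg --show-keys --with-colons KEYS
    cat > "$dir/listing.txt" <<'EOF'
pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
EOF
    diagnose "$dir/gpgv.txt" "$dir/listing.txt"; status=$?
    rm -rf "$dir"; return "$status"
}
demo
```

On real files, save the gpgverify output and the output of `gpg --show-keys --with-colons KEYS` to two files and pass them to `diagnose`.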