I'm not able to verify the signature against the provided KEYS file; does a key 
need to be added? 

$ /usr/lib/rpm/redhat/gpgverify 
--keyring=/home/jered/fedora-scm/trafficserver/KEYS 
--signature=/home/jered/fedora-scm/trafficserver/trafficserver-9.2.6.tar.bz2.asc
 --data=/home/jered/fedora-scm/trafficserver/trafficserver-9.2.6.tar.bz2 
gpgv: Signature made Tue 12 Nov 2024 07:03:29 PM UTC 
gpgv: using RSA key 73144AA83B10A97B04C1E98315AD62E940104E96 
gpgv: Can't check signature: No public key 
gpgverify: Signature verification failed. 

--Jered 

----- On Nov 12, 2024, at 3:31 PM, Evan Zelkowitz <e...@apache.org> wrote: 

> I've prepared a release for 9.2.6. The release notes are available at:

> [ https://github.com/apache/trafficserver/milestone/77 |
> https://github.com/apache/trafficserver/milestone/77 ]
> [
> https://docs.trafficserver.apache.org/en/latest/release-notes/upgrading.en.html
> |
> https://docs.trafficserver.apache.org/en/latest/release-notes/upgrading.en.html
> ]

> or for a brief ChangeLog:

> [ https://github.com/apache/trafficserver/blob/9.2.x/CHANGELOG-9.2.6 |
> https://github.com/apache/trafficserver/blob/9.2.x/CHANGELOG-9.2.6 ]

> The artifacts are available for download at:

> [ https://dist.apache.org/repos/dist/dev/trafficserver/9.2.6/ |
> https://dist.apache.org/repos/dist/dev/trafficserver/9.2.6/ ]

> SHA512 checksum:

> de5666847616db699d81ee32450adbbd5e5ccf3e6ca16ec679e432e3f8c7d7095bcb9e688c6ea759b7a4a57fc2db6af5bda9df94710245c320686107a159b204

> This corresponds to git refs:

> Hash: de3e58726f6f58a95266a41eaa31ff3c6fc14336
> Tag: 9.2.6-rc0

> Which can be verified with the following command:

> $ git tag -v 9.2.6-rc0

> All code signing keys are available here:

> [ https://dist.apache.org/repos/dist/dev/trafficserver/KEYS |
> https://dist.apache.org/repos/dist/dev/trafficserver/KEYS ]

> Make sure you refresh from a key server to get all relevant signatures

> Please test and cast your votes as early as possible.

Reply via email to