On Tue, Nov 17, 2015 at 12:01:16AM +0100, Stephan Witt wrote: > Am 16.11.2015 um 23:50 schrieb Scott Kostyshak <skost...@lyx.org>: > > > On Mon, Nov 16, 2015 at 05:48:03PM -0500, Richard Heck wrote: > >> On 11/16/2015 05:39 PM, Scott Kostyshak wrote: > >>> On Mon, Nov 16, 2015 at 10:59:09AM +0100, Stephan Witt wrote: >> Am > >>> 14.11.2015 um 20:24 schrieb Scott Kostyshak <skost...@lyx.org>: > >>>>>>> Dear all, >>> >>> If you have time, please download the LyX > >> 2.2.0alpha1 tar and test that >>> it compiles/installs as expected. It > >> is located here: >>> >>> > >> ftp://ftp.lyx.org/pub/lyx/devel/lyx-2.2/lyx-2.2.0alpha1/ >>> >>> Also if > >> you can, please check that it verifies correctly. This is my >>> first > >> time signing a tar ball. >> >> The signature is ok. The build on Mac OS > >> X works. > > Thanks for checking these. > >> I've uploaded the result > >> here: >> >> > >> https://dl.dropboxusercontent.com/u/27842660/LyX-2.2.0alpha1%2Bqt5-x86_64-cocoa.dmg > >>>> > >> https://dl.dropboxusercontent.com/u/27842660/LyX-2.2.0alpha1%2Bqt5-x86_64-cocoa.dmg.sig > >>>>>> I've used Qt 5.5.1 to build it. > > Good choice. > > The key you > >> used to sign expired a year and a half ago: > > $ gpg --verify *sig > > >> gpg: assuming signed data in `LyX-2.2.0alpha1+qt5-x86_64-cocoa.dmg' > > >> gpg: Signature made Mon 16 Nov 2015 04:09:30 AM EST using RSA key ID > > >> EE614DC4 > gpg: Good signature from "LyX on Mac OS X (Signing LyX disk > >> images) > <sw...@lyx.org>" > gpg: Note: This key has expired! > Primary > >> key fingerprint: 4154 4A61 DBB7 7561 47C1 DD4F A149 7996 EE61 > 4DC4 > > >> $ > > Is this a problem? > I imagine it is not a problem for alpha, and > >> that I should go ahead and > upload your .dmg but I wanted to check first. > >> > >> Just to be clear: You should resign this with the LyX key. Stephan's > >> signature is only to guarantee to you that the binary is valid and from > >> him. > > > > Ah thanks for pointing this out. I actually did not know that. I will > > resign. > > Yes, please. At the time I made the key I gave it a time limit. Then I've > published it. Later - after the expiration, I made a new one and Vincent > "complained" that this key isn't published. I realized then that I can extend > the period of validity and did that. But now the key servers don't accept > this. > I don't know how to deal with that, sorry :(
Not a problem at all for me. I just wanted to double-check. Indeed, it is nice if the key is published. This should be easy with the command gpg --send-keys B6470BEB where B6470BEB is the ID you want to publish. It seems you have tried something like that and the keyserver gave an error? What is the error from that command? Scott
signature.asc
Description: PGP signature
