Hi! my bad: gpg --keyserver hkps://pgp.mit.edu/ --recv-keys 2D51AAC6 did not return the key, but gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2D51AAC6 did.
Done that, I've checked the sigs and basically the ones on the wikipages folder are the ones giving trouble. In this release, the name from the wikipages artifacts changed from jspwiki-wikipages-$LANG-2.12.2.zip to jspwiki-wikipages-$LANG-2.12.2-jspwiki.zip, so perhaps the name change has to do with this error? Also the markdown zip don't contain the asc files. I think they were added on a second pass during the release vote, so maybe that's why there aren't the asc fils (if they aren't b/c those zips get autogenerated we can fix that on the next release). Also I copied a bunch of convenience jars on binaries/webapp that were lacking their signatures. Also my bad for copying them without checking first. As for a new release, given that ./source/jspwiki-builder-2.12.2-source-release.zip contains a valid signature I wouldn't go for a new release. This is *the* release file, the important one, whereas the rest are just convenience binaries, so I think is ok if we fix the sigs directly at svn. For the wikipages it should be as easy as git checkout 2.12.2 cd jspwiki-wikipages mvn clean install gpg:sign and then just copy the files and sigs. Same could be done for the other convenience jars too makes sense? Does anyone thinks that this should warrant a 2.12.3 release, just in any case? If anybody is uncomfortable with proceeding like above we can always go with 2.12.3 and fix it there. cheers, juan pablo On Mon, Jun 24, 2024 at 7:56 PM Arturo Bernal <aber...@apache.org> wrote: > > Hi, > > The key is available (gpg --list-keys --fingerprint 2D51AAC6), but I don't > think that will solve the issue. It seems that I might have generated the > signature incorrectly. > > I checked and, yes, there are binaries that were signed correctly. > Verification worked for jspwiki-portable-2.12.2-woas.zip with > jspwiki-portable-2.12.2-woas.zip.asc. > > > > Best regards,
