Hi, I'm trying to follow these instructions https://activemq.apache.org/components/artemis/download/#verify-the-integrity-of-downloads to verify the archive of apache-artemis-2.32.2.tar.gz (I tried also with the zip), but it seems it's not working as expected, am I missing something?
$ gpg --import KEYS gpg: key 9FF25980F5BA7E4F: public key "Hiram Chirino <hi...@hiramchirino.com>" imported gpg: key FEFEFED7A2F9E313: 1 signature not checked due to a missing key gpg: key FEFEFED7A2F9E313: public key "David Jencks (CODE SIGNING KEY) < djen...@apache.org>" imported gpg: key DCEBFD5F43C5BCC7: 1 signature not checked due to a missing key gpg: key DCEBFD5F43C5BCC7: public key "Jim Gomes (Apache Software Foundation Key) <jgo...@apache.org>" imported gpg: key A05EBEE656F3E01B: public key "David Jencks (geronimo) < david_jen...@yahoo.com>" imported gpg: key D2E3BE73456DFEA9: public key "David M. Johnson (Dave Johnson) < snoopd...@apache.org>" imported gpg: key FD9ED9F117AA5B25: 14 signatures not checked due to missing keys gpg: key FD9ED9F117AA5B25: public key "David Johnson <snoopd...@apache.org>" imported gpg: key F135DBE269CC103E: public key "Gary Tully (key for apache releases) <gary.tu...@gmail.com>" imported gpg: key FEEA5B232C983957: public key "Bruce Snyder <bsny...@apache.org>" imported gpg: key C31A3F706852C7DA: public key "Dejan Bosanac <de...@nighttale.net>" imported gpg: key 62ED4DF0BACB8793: public key "Dejan Bosanac <de...@nighttale.net>" imported gpg: key 152266726A70C608: 1 signature not checked due to a missing key gpg: key 152266726A70C608: public key "Hadrian Zbarcea <hadr...@apache.org>" imported gpg: key E0067B722B1A9558: public key "Claus Ibsen <claus.ib...@gmail.com>" imported gpg: key 0F0E47D4BB8FA6E3: 1 signature not checked due to a missing key gpg: key 0F0E47D4BB8FA6E3: public key "Arthur Naseef (4K Personal Key for Arthur Naseef created January 2015) <a...@artnaseef.com>" imported gpg: key 858FC4C4F43856A3: 40 signatures not checked due to missing keys gpg: key 858FC4C4F43856A3: public key "J. Daniel Kulp <d...@kulp.com>" imported gpg: key 7EF9AB1DF5A0DF5D: public key "Timothy Bish <tabish...@gmail.com>" imported gpg: key 1B161203012672EB: public key "Timothy Bish (CODE SIGNING KEY) < tabish...@gmail.com>" imported gpg: key 87A7F75A6A8BA5FC: public key "Christopher L. Shannon (CODE SIGNING KEY) <christopher.l.shan...@gmail.com>" imported gpg: key 76986236CDA7ADF1: public key "Martyn Taylor <mtay...@redhat.com>" imported gpg: key 54A43F3254868410: public key "Clebert Suconic ( clebertsuco...@apache.org) <clebertsuco...@apache.org>" imported gpg: key F65D88E0295B2B2F: public key "John D. Ament <johndam...@apache.org>" imported gpg: key A64A5C2C6626D4BF: public key "Justin Bertram <jbert...@apache.org>" imported gpg: key 1AD14F48D0EBE407: public key "Michael Andre Pearce (CODE SIGNING KEY) <michaelpea...@apache.org>" imported gpg: key BFF2EE42C8282E76: public key "Jean-Baptiste Onofré < jbono...@apache.org>" imported gpg: key 2FA68D868BC04736: public key "Krzysztof Porebski (CODE SIGNING KEY) <hav...@apache.org>" imported gpg: key AA243E5D87E3F303: public key "Gary Tully (CODE SIGNING KEY) < gtu...@apache.org>" imported gpg: key C787CD44D8E0CAAB: public key "Domenico Francesco Bruscino < brus...@apache.org>" imported gpg: key F41830B875BB8633: public key "Justin Bertram <jbert...@apache.org>" imported gpg: Total number processed: 27 gpg: imported: 27 gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u $ gpg --verify apache-artemis-2.31.2-bin.tar.gz.asc gpg: assuming signed data in 'apache-artemis-2.31.2-bin.tar.gz' gpg: Signature made Fri 27 Oct 2023 12:22:42 PM CEST gpg: using RSA key EA3C1038565EB6A004B0764D74D820B854FDD85D gpg: Can't check signature: No public key Thanks, Riccardo
