Hi,

I'm trying to follow these instructions
https://activemq.apache.org/components/artemis/download/#verify-the-integrity-of-downloads
to verify the archive of apache-artemis-2.32.2.tar.gz (I tried also with
the zip), but it seems it's not working as expected, am I missing something?

$ gpg --import KEYS
gpg: key 9FF25980F5BA7E4F: public key "Hiram Chirino <hi...@hiramchirino.com>"
imported
gpg: key FEFEFED7A2F9E313: 1 signature not checked due to a missing key
gpg: key FEFEFED7A2F9E313: public key "David Jencks (CODE SIGNING KEY) <
djen...@apache.org>" imported
gpg: key DCEBFD5F43C5BCC7: 1 signature not checked due to a missing key
gpg: key DCEBFD5F43C5BCC7: public key "Jim Gomes (Apache Software
Foundation Key) <jgo...@apache.org>" imported
gpg: key A05EBEE656F3E01B: public key "David Jencks (geronimo) <
david_jen...@yahoo.com>" imported
gpg: key D2E3BE73456DFEA9: public key "David M. Johnson (Dave Johnson) <
snoopd...@apache.org>" imported
gpg: key FD9ED9F117AA5B25: 14 signatures not checked due to missing keys
gpg: key FD9ED9F117AA5B25: public key "David Johnson <snoopd...@apache.org>"
imported
gpg: key F135DBE269CC103E: public key "Gary Tully (key for apache releases)
<gary.tu...@gmail.com>" imported
gpg: key FEEA5B232C983957: public key "Bruce Snyder <bsny...@apache.org>"
imported
gpg: key C31A3F706852C7DA: public key "Dejan Bosanac <de...@nighttale.net>"
imported
gpg: key 62ED4DF0BACB8793: public key "Dejan Bosanac <de...@nighttale.net>"
imported
gpg: key 152266726A70C608: 1 signature not checked due to a missing key
gpg: key 152266726A70C608: public key "Hadrian Zbarcea <hadr...@apache.org>"
imported
gpg: key E0067B722B1A9558: public key "Claus Ibsen <claus.ib...@gmail.com>"
imported
gpg: key 0F0E47D4BB8FA6E3: 1 signature not checked due to a missing key
gpg: key 0F0E47D4BB8FA6E3: public key "Arthur Naseef (4K Personal Key for
Arthur Naseef created January 2015) <a...@artnaseef.com>" imported
gpg: key 858FC4C4F43856A3: 40 signatures not checked due to missing keys
gpg: key 858FC4C4F43856A3: public key "J. Daniel Kulp <d...@kulp.com>"
imported
gpg: key 7EF9AB1DF5A0DF5D: public key "Timothy Bish <tabish...@gmail.com>"
imported
gpg: key 1B161203012672EB: public key "Timothy Bish (CODE SIGNING KEY) <
tabish...@gmail.com>" imported
gpg: key 87A7F75A6A8BA5FC: public key "Christopher L. Shannon (CODE SIGNING
KEY) <christopher.l.shan...@gmail.com>" imported
gpg: key 76986236CDA7ADF1: public key "Martyn Taylor <mtay...@redhat.com>"
imported
gpg: key 54A43F3254868410: public key "Clebert Suconic (
clebertsuco...@apache.org) <clebertsuco...@apache.org>" imported
gpg: key F65D88E0295B2B2F: public key "John D. Ament <johndam...@apache.org>"
imported
gpg: key A64A5C2C6626D4BF: public key "Justin Bertram <jbert...@apache.org>"
imported
gpg: key 1AD14F48D0EBE407: public key "Michael Andre Pearce (CODE SIGNING
KEY) <michaelpea...@apache.org>" imported
gpg: key BFF2EE42C8282E76: public key "Jean-Baptiste Onofré <
jbono...@apache.org>" imported
gpg: key 2FA68D868BC04736: public key "Krzysztof Porebski (CODE SIGNING
KEY) <hav...@apache.org>" imported
gpg: key AA243E5D87E3F303: public key "Gary Tully (CODE SIGNING KEY) <
gtu...@apache.org>" imported
gpg: key C787CD44D8E0CAAB: public key "Domenico Francesco Bruscino <
brus...@apache.org>" imported
gpg: key F41830B875BB8633: public key "Justin Bertram <jbert...@apache.org>"
imported
gpg: Total number processed: 27
gpg:               imported: 27
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u


$ gpg --verify apache-artemis-2.31.2-bin.tar.gz.asc
gpg: assuming signed data in 'apache-artemis-2.31.2-bin.tar.gz'
gpg: Signature made Fri 27 Oct 2023 12:22:42 PM CEST
gpg:                using RSA key EA3C1038565EB6A004B0764D74D820B854FDD85D
gpg: Can't check signature: No public key

Thanks,
Riccardo

Reply via email to