You are not missing anything, unfortunately I updated the redundant/unused 'dist dev area' KEYS file rather than the 'dist release area' KEYS file when I did the release, so when you checked earlier it simply didnt contain the appropriate key. It went unnoticed presumably as most people checking the release during the vote already have my key from other releases elsewhere.
I have updated the proper release area file now, and removed the redundant/unused dev one to avoid a repeat, so its now available in the file at: https://downloads.apache.org/activemq/KEYS Robbie On Wed, 13 Dec 2023 at 14:11, Riccardo Caselli <supercas...@gmail.com> wrote: > > Hi, > > I'm trying to follow these instructions > https://activemq.apache.org/components/artemis/download/#verify-the-integrity-of-downloads > to verify the archive of apache-artemis-2.32.2.tar.gz (I tried also with > the zip), but it seems it's not working as expected, am I missing something? > > $ gpg --import KEYS > gpg: key 9FF25980F5BA7E4F: public key "Hiram Chirino <hi...@hiramchirino.com>" > imported > gpg: key FEFEFED7A2F9E313: 1 signature not checked due to a missing key > gpg: key FEFEFED7A2F9E313: public key "David Jencks (CODE SIGNING KEY) < > djen...@apache.org>" imported > gpg: key DCEBFD5F43C5BCC7: 1 signature not checked due to a missing key > gpg: key DCEBFD5F43C5BCC7: public key "Jim Gomes (Apache Software > Foundation Key) <jgo...@apache.org>" imported > gpg: key A05EBEE656F3E01B: public key "David Jencks (geronimo) < > david_jen...@yahoo.com>" imported > gpg: key D2E3BE73456DFEA9: public key "David M. Johnson (Dave Johnson) < > snoopd...@apache.org>" imported > gpg: key FD9ED9F117AA5B25: 14 signatures not checked due to missing keys > gpg: key FD9ED9F117AA5B25: public key "David Johnson <snoopd...@apache.org>" > imported > gpg: key F135DBE269CC103E: public key "Gary Tully (key for apache releases) > <gary.tu...@gmail.com>" imported > gpg: key FEEA5B232C983957: public key "Bruce Snyder <bsny...@apache.org>" > imported > gpg: key C31A3F706852C7DA: public key "Dejan Bosanac <de...@nighttale.net>" > imported > gpg: key 62ED4DF0BACB8793: public key "Dejan Bosanac <de...@nighttale.net>" > imported > gpg: key 152266726A70C608: 1 signature not checked due to a missing key > gpg: key 152266726A70C608: public key "Hadrian Zbarcea <hadr...@apache.org>" > imported > gpg: key E0067B722B1A9558: public key "Claus Ibsen <claus.ib...@gmail.com>" > imported > gpg: key 0F0E47D4BB8FA6E3: 1 signature not checked due to a missing key > gpg: key 0F0E47D4BB8FA6E3: public key "Arthur Naseef (4K Personal Key for > Arthur Naseef created January 2015) <a...@artnaseef.com>" imported > gpg: key 858FC4C4F43856A3: 40 signatures not checked due to missing keys > gpg: key 858FC4C4F43856A3: public key "J. Daniel Kulp <d...@kulp.com>" > imported > gpg: key 7EF9AB1DF5A0DF5D: public key "Timothy Bish <tabish...@gmail.com>" > imported > gpg: key 1B161203012672EB: public key "Timothy Bish (CODE SIGNING KEY) < > tabish...@gmail.com>" imported > gpg: key 87A7F75A6A8BA5FC: public key "Christopher L. Shannon (CODE SIGNING > KEY) <christopher.l.shan...@gmail.com>" imported > gpg: key 76986236CDA7ADF1: public key "Martyn Taylor <mtay...@redhat.com>" > imported > gpg: key 54A43F3254868410: public key "Clebert Suconic ( > clebertsuco...@apache.org) <clebertsuco...@apache.org>" imported > gpg: key F65D88E0295B2B2F: public key "John D. Ament <johndam...@apache.org>" > imported > gpg: key A64A5C2C6626D4BF: public key "Justin Bertram <jbert...@apache.org>" > imported > gpg: key 1AD14F48D0EBE407: public key "Michael Andre Pearce (CODE SIGNING > KEY) <michaelpea...@apache.org>" imported > gpg: key BFF2EE42C8282E76: public key "Jean-Baptiste Onofré < > jbono...@apache.org>" imported > gpg: key 2FA68D868BC04736: public key "Krzysztof Porebski (CODE SIGNING > KEY) <hav...@apache.org>" imported > gpg: key AA243E5D87E3F303: public key "Gary Tully (CODE SIGNING KEY) < > gtu...@apache.org>" imported > gpg: key C787CD44D8E0CAAB: public key "Domenico Francesco Bruscino < > brus...@apache.org>" imported > gpg: key F41830B875BB8633: public key "Justin Bertram <jbert...@apache.org>" > imported > gpg: Total number processed: 27 > gpg: imported: 27 > gpg: marginals needed: 3 completes needed: 1 trust model: pgp > gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u > > > $ gpg --verify apache-artemis-2.31.2-bin.tar.gz.asc > gpg: assuming signed data in 'apache-artemis-2.31.2-bin.tar.gz' > gpg: Signature made Fri 27 Oct 2023 12:22:42 PM CEST > gpg: using RSA key EA3C1038565EB6A004B0764D74D820B854FDD85D > gpg: Can't check signature: No public key > > Thanks, > Riccardo
