Thanks. Rohit’s out sick, but I’ve reached out to coworkers to see when we can get that straightened out. I’m confident it’s not a security risk, but will update once we can confirm that.
John > On Nov 17, 2015, at 9:12 AM, Udo Rader <[email protected]> wrote: > > created a jira issue for this > https://issues.apache.org/jira/browse/CLOUDSTACK-9070 ... > > On 11/17/2015 12:58 AM, John Kinsella wrote: >> Rohit - looks like your key isn’t in >> https://dist.apache.org/repos/dist/release/cloudstack/KEYS ? >> >> On Nov 16, 2015, at 3:43 PM, Udo Rader >> <[email protected]<mailto:[email protected]>> wrote: >> >> Hi, >> >> I've downloaded the latest 4.5.2 tar.bz2 and tried to verify the >> download using gpg, but gpg tells me that the used key is unknown: >> >> [udo@artio Downloads]$ gpg --verify apache-cloudstack-4.5.2-src.tar.bz2.asc >> gpg: assuming signed data in `apache-cloudstack-4.5.2-src.tar.bz2' >> gpg: Signature made Wed 19 Aug 2015 11:13:04 AM CEST using RSA key ID >> 0EE3D884 >> gpg: Can't check signature: public key not found >> >> So is the key missing from http://www.apache.org/dist/cloudstack/KEYS or >> am I missing something? >> >> Regards >> >> Udo >>
