No apologies. :)
> On Nov 17, 2015, at 11:33 AM, Udo Rader <[email protected]> wrote:
>
> sorry for the noise & being probably paranoid here, but I've once had to
> deal with compromized source code (proftpd) and I promised myself to
> cross check as much as I can ...
>
> On 11/17/2015 06:35 PM, John Kinsella wrote:
>> Thanks.
>>
>> Rohit’s out sick, but I’ve reached out to coworkers to see when we can get
>> that straightened out. I’m confident it’s not a security risk, but will
>> update once we can confirm that.
>>
>> John
>>
>>> On Nov 17, 2015, at 9:12 AM, Udo Rader <[email protected]> wrote:
>>>
>>> created a jira issue for this
>>> https://issues.apache.org/jira/browse/CLOUDSTACK-9070 ...
>>>
>>> On 11/17/2015 12:58 AM, John Kinsella wrote:
>>>> Rohit - looks like your key isn’t in
>>>> https://dist.apache.org/repos/dist/release/cloudstack/KEYS ?
>>>>
>>>> On Nov 16, 2015, at 3:43 PM, Udo Rader
>>>> <[email protected]<mailto:[email protected]>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I've downloaded the latest 4.5.2 tar.bz2 and tried to verify the
>>>> download using gpg, but gpg tells me that the used key is unknown:
>>>>
>>>> [udo@artio Downloads]$ gpg --verify apache-cloudstack-4.5.2-src.tar.bz2.asc
>>>> gpg: assuming signed data in `apache-cloudstack-4.5.2-src.tar.bz2'
>>>> gpg: Signature made Wed 19 Aug 2015 11:13:04 AM CEST using RSA key ID
>>>> 0EE3D884
>>>> gpg: Can't check signature: public key not found
>>>>
>>>> So is the key missing from http://www.apache.org/dist/cloudstack/KEYS or
>>>> am I missing something?
>>>>
>>>> Regards
>>>>
>>>> Udo
>>>>
>>
