-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bill,
On 1/20/12 3:39 PM, Bill Rutledge wrote: > For apache-tomcat-7.0.23-windows-i64.zip, I used Kleopatra to > import the KEYS Do you mean this file? http://www.apache.org/dist/tomcat/tomcat-7/KEYS > and check the validity of the signatures in > apache-tomcat-7.0.23-windows-i64.zip.asc and got the following. > Does this look like I’ve made some mistake in this process? WFM: $ gpg --verify apache-tomcat-7.0.23-windows-i64.zip.asc apache-tomcat-7.0.23-windows-i64.zip gpg: Signature made Sun Nov 20 15:36:27 2011 EST using RSA key ID 2F6059E7 gpg: Good signature from "Mark E D Thomas <ma...@apache.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 So, if you trust the key with the above fingerprint, you should be fine. Don't forget that you'll need to sign Mark's key if you want to actually trust it. Then the warning you see above will go away. (I don't trust Mark's key, yet, because he hasn't actually participated in a key signing event that I've attended. No offense, Mark.) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8Z17oACgkQ9CaO5/Lv0PAo9wCfcn/ToHHqZS5ecn/zKeFF6MRj Mz0AnRfah7kilUPvTXLOJR3wWA4eMuv9 =Hcsn -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
