RE: Cannot Validate Signature for apache-tomcat-7.0.23-windows-i64.zip

Tue, 24 Jan 2012 12:03:26 -0800 

Chris,



I appreciate your help.



I signed and trusted Mark's certificate:



[cid:image001.png@01CCDAA8.11318280]



I tried to verify it, but it came up bad:



[cid:image002.png@01CCDAA8.11318280]





















-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Friday, January 20, 2012 4:08 PM
To: Tomcat Users List
Subject: Re: Cannot Validate Signature for apache-tomcat-7.0.23-windows-i64.zip



-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



Bill,



On 1/20/12 3:39 PM, Bill Rutledge wrote:

> For apache-tomcat-7.0.23-windows-i64.zip, I used Kleopatra to import

> the KEYS



Do you mean this file?



http://www.apache.org/dist/tomcat/tomcat-7/KEYS



> and check the validity of the signatures in

> apache-tomcat-7.0.23-windows-i64.zip.asc and got the following.

> Does this look like I’ve made some mistake in this process?



WFM:



$ gpg --verify apache-tomcat-7.0.23-windows-i64.zip.asc

apache-tomcat-7.0.23-windows-i64.zip

gpg: Signature made Sun Nov 20 15:36:27 2011 EST using RSA key ID 2F6059E7

gpg: Good signature from "Mark E D Thomas 
<ma...@apache.org<mailto:ma...@apache.org>>"

gpg: WARNING: This key is not certified with a trusted signature!

gpg:          There is no indication that the signature belongs to the

owner.

Primary key fingerprint: A9C5 DF4D 22E9 9998 D987  5A51 10C0 1C5A 2F60

59E7



So, if you trust the key with the above fingerprint, you should be fine.



Don't forget that you'll need to sign Mark's key if you want to actually trust 
it. Then the warning you see above will go away.



(I don't trust Mark's key, yet, because he hasn't actually participated in a 
key signing event that I've attended. No offense, Mark.)



- -chris

-----BEGIN PGP SIGNATURE-----

Version: GnuPG/MacGPG2 v2.0.17 (Darwin)

Comment: GPGTools - http://gpgtools.org

Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/



iEYEARECAAYFAk8Z17oACgkQ9CaO5/Lv0PAo9wCfcn/ToHHqZS5ecn/zKeFF6MRj

Mz0AnRfah7kilUPvTXLOJR3wWA4eMuv9

=Hcsn

-----END PGP SIGNATURE-----



---------------------------------------------------------------------

To unsubscribe, e-mail: 
users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org>

For additional commands, e-mail: 
users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org>

Reply via email to