-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 29/09/2011 12:17, Christopher Schultz wrote: > Mark, > > On 9/29/2011 8:09 AM, Mark Thomas wrote: >> On 28/09/2011 14:43, Christopher Schultz wrote: >>> Mark, >> >>> On 9/27/2011 5:36 PM, Mark Thomas wrote: >>>> The proposed Apache Tomcat 7.0.22 release is now available >>>> for voting. >>>> >>>> It can be obtained from: >>>> http://people.apache.org/~markt/dev/tomcat-7/v7.0.22/ The svn >>>> tag is: >>>> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_22/ >>>> >>>> >>>> >> >>>> The proposed 7.0.21 release is: >>>> >>>> [ ] Broken - do not release [ ] Beta - go ahead and release >>>> as 7.0.22 Beta [X] Stable - go ahead and release as 7.0.22 >>>> Stable >> >>> + MD5 sums match. - GPG verifies with a key that Mark appears >>> to use for nothing else, no key signers :( >> >> Huh? >> >> $ gpg --verify catalina-jmx-remote.jar.asc >> catalina-jmx-remote.jar gpg: Signature made Tue 27 Sep 16:47:07 >> 2011 EDT using RSA key ID 2F6059E7 gpg: Good signature from "Mark >> E D Thomas <ma...@apache.org>" > > Running --verify wasn't the problem (it verifies). I was talking > about other people signing your GPG key.
The --verify was to show which key I used to sign the binaries. > It was also distinct from the other key I had for you (0x33C60243) > so I wasn't sure why there were two. Some ASF folks have two, one > clearly marked (CODE SIGNING KEY)... it just appears you haven't > done the same. See http://people.apache.org/~markt/TRANSITION.asc I use one key for everything. > Weird... I got no signers when I first obtained your key. Updating > the key shows 28 signatures so maybe I was on crack at the time. Or > now. > >> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x10C01C5A2F6059E7 >> >> >> That key is very firmly in the ASF web of trust. >> >> It is also in the KEYS file. > > Yup, all is well. np Mark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOhKNWAAoJEBDAHFovYFnnRRMP/0XhOEToihEn0emgnhhY6yon FbnaT9E2cL8t/xcArKb36kWoftjtZOemk2bpBK6+dEM9bzserwLHv+pSF+okyxva InZ7owFvjcsLabNEWyYOGNjMPLPB3tD5otarF0D9EKA0zr09JJWUGdU0twUvswcj uO6fC3cmWd32mPteU6ZaDd1g6wyrXEyIa0o2F+RR0DugEQ2obCaP0pGdax0v54lV BP2EzLtp2TYyj467x9mM8Sae7FJ5iEEcxwwbBxoA5F7DuqG2ZOHqgtxg/nvKGXZk Jy8nMxt+YuoGbMNzH+tjdmYeDdpcm2oDzOhKDr4aR1ViImKTlv2jMY1XiE1L8THX 1RLSe6WXlEDhm7z1ExX1Fm968D6B1gPJ6OyWoAZZFPc5jiy3gIxIaouID8ZR7yLY juY0GcSH+FsgGOnKmL5kWhWnF+18PR/XwEe6vVcmTysuEr1xWUsVoqdMky4ho2Em ldiM8ekSsb8Nk8eaFVS2UBCHVGdu/31zoxQlAHXIHiXPhx2TtttQ5iQrzzTafD24 kGpLacVkdczLsT5n7FUpY5CIdYf6LeNQZM/HSkW+Bp1vfhdA471ovaNxghwOPU4B RlaPctkuXFLCcYOor7AYjymlgTxTWK68lzj24Q1LYkK68meM55lVeZ1N5ERZ+pkD GEhJqw/FLEGMgY/TyDSY =mb+O -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
