Re: [releasing] PGP keys for code signing

2009-05-08 Thread Dave Meikle
2009/5/6 Rahul Akolkar > On Wed, May 6, 2009 at 10:43 AM, Craig L Russell > wrote: > > Much better! > > > > > [CraigRussell:~/Downloads] clr% gpg --verify > > commons-chain-1.2-bin.tar.gz.asc > > gpg: Signature made Tue May 5 22:13:09 2009 PDT using DSA key ID > 42196CA8 > > gpg: Good signatur

Re: [releasing] PGP keys for code signing

2009-05-06 Thread Christian Grobmeier
>> I'd vote for this signature being valid to sign releases. Only incubator >> releases right now, since it hasn't been signed by the Apache WOT. That can >> be fixed at a Sign-a-Thon. ;-) >> > I'd vote for Apache Commons releases signed by any key thats in the > KEYS file (regardless of WOT status

Re: [releasing] PGP keys for code signing

2009-05-06 Thread Rahul Akolkar
On Wed, May 6, 2009 at 10:43 AM, Craig L Russell wrote: > Much better! > > [CraigRussell:~/Downloads] clr% gpg --verify > commons-chain-1.2-bin.tar.gz.asc > gpg: Signature made Tue May  5 22:13:09 2009 PDT using DSA key ID 42196CA8 > gpg: Good signature from "Christian Grobmeier (Apache Codesigni

Re: [releasing] PGP keys for code signing

2009-05-06 Thread Craig L Russell
Much better! [CraigRussell:~/Downloads] clr% gpg --recv-keys 42196CA8 gpg: requesting key 42196CA8 from hkp server subkeys.pgp.net gpg: key 42196CA8: public key "Christian Grobmeier (Apache Codesigning) " imported gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0
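The two gpg runs quoted in this thread show the two outcomes a downloader can hit: "Can't check signature: public key not found" while the key is not on any keyserver, and "Good signature" once it is, still with no web-of-trust path to the signer. The earlier proposal in the thread (accept a release signed by any key in the project's KEYS file, regardless of WOT status) is a policy that can be automated. The script below is an added example, not code from this thread or from Apache Commons: it imports KEYS into an empty, throwaway keyring, runs `gpg --status-fd` rather than scraping the human-readable output, and accepts only a GOODSIG whose primary-key fingerprint appears in KEYS. It assumes GnuPG 2.x is on PATH as `gpg`; `parse_status` and `decide` are this example's own names, and the status lines at the bottom are constructed (placeholder key IDs and fingerprints) so the decision logic runs offline.

```python
"""Verify a release artifact's detached PGP signature, using the project's
KEYS file as the only trust anchor.

Added example, not code from the mailing-list thread or from Apache Commons.
Assumes GnuPG 2.x is on PATH as `gpg`; all names here are this example's own.
"""
import subprocess
import tempfile
from dataclasses import dataclass, field
from typing import Optional

STATUS_PREFIX = "[GNUPG:] "


@dataclass
class SigStatus:
    """What gpg --status-fd reported about one detached signature."""
    good: bool = False                      # GOODSIG: valid, key not expired/revoked
    bad: bool = False                       # BADSIG: data or signature was altered
    primary_fpr: Optional[str] = None       # primary-key fingerprint from VALIDSIG
    missing_keyid: Optional[str] = None     # NO_PUBKEY: signer's key is not in keyring
    problems: list = field(default_factory=list)


def parse_status(status_text: str) -> SigStatus:
    """Parse gpg's machine-readable status lines (the --status-fd output)."""
    st = SigStatus()
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue
        fields = line[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        tag, args = fields[0], fields[1:]
        if tag == "GOODSIG":
            st.good = True
        elif tag == "BADSIG":
            st.bad = True
        elif tag == "VALIDSIG":
            # VALIDSIG <fpr> <date> <ts> <expire-ts> <ver> <reserved> <pk-algo>
            #          <hash-algo> <sig-class> [<primary-key-fpr>]
            # The 10th argument is the primary key's fingerprint (present when a
            # subkey signed); fall back to the signing key's own fingerprint.
            st.primary_fpr = (args[9] if len(args) > 9 else args[0]).upper()
        elif tag == "NO_PUBKEY":
            st.missing_keyid = args[0]
        elif tag in ("EXPKEYSIG", "REVKEYSIG", "EXPSIG", "ERRSIG"):
            st.problems.append(tag)
    return st


def decide(st: SigStatus, keys_fprs: set) -> tuple:
    """Accept only a good signature whose primary key is listed in KEYS.

    'Good signature' proves the bytes match *some* key, not who holds it, so
    TRUST_* (web-of-trust) lines are deliberately ignored: KEYS is the anchor.
    """
    if st.bad:
        return False, "BADSIG: artifact or signature was modified"
    if st.missing_keyid:
        return False, (f"NO_PUBKEY {st.missing_keyid}: signer is not in KEYS; "
                       "do not work around this by fetching the key from a keyserver")
    if not st.good or st.primary_fpr is None:
        return False, "no good signature: " + ", ".join(st.problems or ["none found"])
    if st.primary_fpr not in keys_fprs:
        return False, f"good signature, but key {st.primary_fpr} is not listed in KEYS"
    return True, f"good signature from KEYS entry {st.primary_fpr}"


def run_gpg(homedir: str, *args: str) -> str:
    cmd = ["gpg", "--batch", "--no-tty", "--homedir", homedir, *args]
    return subprocess.run(cmd, capture_output=True, text=True).stdout


def keys_fingerprints(homedir: str, keys_file: str) -> set:
    """Import KEYS into the (empty) keyring and collect every fpr record."""
    run_gpg(homedir, "--import", keys_file)
    listing = run_gpg(homedir, "--with-colons", "--list-keys")
    # --with-colons: 'fpr' records carry the fingerprint in field 10 (index 9)
    return {r.split(":")[9].upper() for r in listing.splitlines() if r.startswith("fpr:")}


def verify_release(artifact: str, sig: str, keys_file: str) -> tuple:
    """Verify artifact against its detached sig using only the keys in keys_file."""
    with tempfile.TemporaryDirectory() as homedir:   # mkdtemp creates it mode 0700
        keys = keys_fingerprints(homedir, keys_file)
        status = run_gpg(homedir, "--status-fd", "1", "--verify", sig, artifact)
    return decide(parse_status(status), keys)


# Constructed status output, modelled on the gpg runs in the thread (pk-algo 17 = DSA,
# hash 2 = SHA-1). Key IDs and fingerprints are placeholders, not real keys.
STATUS_GOOD = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer (Apache Codesigning) <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2009-05-05 1241586789 0 4 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
STATUS_NO_PUBKEY = """[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 0123456789ABCDEF 17 2 00 1241586789 9
[GNUPG:] NO_PUBKEY 0123456789ABCDEF
"""
KEYS_PLACEHOLDER = {"0123456789ABCDEF0123456789ABCDEF01234567"}

if __name__ == "__main__":
    print(decide(parse_status(STATUS_GOOD), KEYS_PLACEHOLDER))       # accepted
    print(decide(parse_status(STATUS_NO_PUBKEY), KEYS_PLACEHOLDER))  # rejected
    print(decide(parse_status(STATUS_GOOD), set()))                  # rejected: not in KEYS
```

Real use is `verify_release("commons-chain-1.2-bin.tar.gz", "commons-chain-1.2-bin.tar.gz.asc", "KEYS")`. The design point is that KEYS becomes the trust anchor, so it has to come from the project over a channel you already trust, not from the same mirror as the artifact, and "public key not found" is a rejection rather than a prompt to `--recv-keys` whatever the keyserver returns under that short key ID.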

Re: [releasing] PGP keys for code signing

2009-05-06 Thread Christian Grobmeier
>> http://people.apache.org/~grobmeier/test/grobmeier-codesigning.pub > > Thanks, that has allowed me to check the signature. Validates OK. Cool! > However I was unable to download the key from a keyserver - maybe > there was a problem with the server I was using. Strange... I uploaded it to: pg

Re: [releasing] PGP keys for code signing

2009-05-06 Thread sebb
On 06/05/2009, Christian Grobmeier wrote: > > Can you upload the public key? > > > http://people.apache.org/~grobmeier/test/grobmeier-codesigning.pub > Thanks, that has allowed me to check the signature. Validates OK. However I was unable to download the key from a keyserver - maybe there was a

Re: [releasing] PGP keys for code signing

2009-05-06 Thread Christian Grobmeier
> Can you upload the public key? http://people.apache.org/~grobmeier/test/grobmeier-codesigning.pub > It will need to be added to KEYS at some point if you are to use it. Yes. I didn't understand when a key is being considered "trusted" at Apache. Meanwhile I think there is not such a policy. H

Re: [releasing] PGP keys for code signing

2009-05-06 Thread sebb
On 06/05/2009, Christian Grobmeier wrote: > > gpg: Can't check signature: public key not found > > [CraigRussell:~/Downloads] clr% gpg --recv-keys 42196CA8 > > gpg: requesting key 42196CA8 from hkp server subkeys.pgp.net > > gpgkeys: key 42196CA8 not found on keyserver > > > Thanks, I sent it t

Re: [releasing] PGP keys for code signing

2009-05-05 Thread Christian Grobmeier
> gpg: Can't check signature: public key not found > [CraigRussell:~/Downloads] clr% gpg --recv-keys 42196CA8 > gpg: requesting key 42196CA8 from hkp server subkeys.pgp.net > gpgkeys: key 42196CA8 not found on keyserver Thanks, I sent it to several keyservers now :-) Can you try again? Christian

Re: [releasing] PGP keys for code signing

2009-05-05 Thread Craig L Russell
Not so good. Here's what I get after downloading the two files: [CraigRussell:~/Downloads] clr% gpg --verify commons-chain-1.2-bin.tar.gz.asc gpg: Signature made Tue May 5 22:13:09 2009 PDT using DSA key ID 42196CA8 gpg: Can't check signature: public key not found [CraigRussell:~/Downloads

Re: [releasing] PGP keys for code signing

2009-05-05 Thread Christian Grobmeier
> Why not try creating a signature for an existing Commons release, e.g. IO? > Upload it to your home directory on people, along with the public key, > and some of us can see if it is usable. That would be great! Thanks! Here are the urls: http://people.apache.org/~grobmeier/test/commons-chain-1.

Re: [releasing] PGP keys for code signing

2009-05-05 Thread Christian Grobmeier
Hi, > as far as I remember CACert is about X.509 certificates and not PGP > keys. If that assumption is true then this key is not usable for > PGP-signing. Yes, but if you are assured at CACert they offer signing your PGP too. Thanks Christian ---

Re: [releasing] PGP keys for code signing

2009-05-05 Thread sebb
Why not try creating a signature for an existing Commons release, e.g. IO? Upload it to your home directory on people, along with the public key, and some of us can see if it is usable. S. On 05/05/2009, Siegfried Goeschl wrote: > Hi Christian, > > as far as I remember CACert is about X.509 cer

Re: [releasing] PGP keys for code signing

2009-05-05 Thread Siegfried Goeschl
Hi Christian, as far as I remember CACert is about X.509 certificates and not PGP keys. If that assumption is true then this key is not usable for PGP-signing. Cheers, Siegfried Goeschl Christian Grobmeier wrote: > Hi all, > > I am sorry for asking dumb, but I am a complete idiot on all that >

[releasing] PGP keys for code signing

2009-05-05 Thread Christian Grobmeier
Hi all, I am sorry for asking dumb, but I am a complete idiot on all that encryption stuff. I read this: http://wiki.apache.org/commons/CreatingReleases and all the links in the section of signature keys. I understand how PGP works. I have a key created and this has been signed by CACert where I