Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
HBase, mail # dev - ANN:0.90.6  RC5 available for download


Copy link to this message
-
Re: ANN:0.90.6 RC5 available for download
Todd Lipcon 2012-03-15, 04:31
You probably want to do:
gpg --keyserver pgp.mit.edu --recv-keys 30CD0996

That wlil update Stack's keys and its signatures from the central
repo. Though you still won't have a "web of trust" unless you have
also signed a bunch of keys, I don't think. But I've signed Owen's key
3D0C92B9, and Owen has signed Stack's key 30CD0996, so I can verify
that signature.

-Todd

On Wed, Mar 14, 2012 at 10:49 AM, Jonathan Hsieh <[EMAIL PROTECTED]> wrote:
> Sorry about my ignorance about this -- I'm new to the gpg tools. I missed
> stack's key when I checked in the asc file.  I just ran thought the steps I
> could gather and  here's what I get.  I'm not completely sure but I believe
> there is still something not quite right with this (same WARNING on stack's
> and ram's signature).
>
> Am I doing something wrong? (or just worrying too much..)
>
> ----
> [jon@c0309 dist]$ curl
> http://svn.apache.org/viewvc/hbase/dist/KEYS?view=co> KEYS
> [jon@c0309 dist]$ gpg --import KEYS
> gpg: key 30CD0996: public key "Michael Stack <[EMAIL PROTECTED]>" imported
> gpg: key 945D66AF: public key "Jean-Daniel Cryans (ASF key) <
> [EMAIL PROTECTED]>" imported
> gpg: key D34B98D6: public key "Michael Stack <[EMAIL PROTECTED]>" imported
> gpg: key AEC77EAF: public key "Todd Lipcon <[EMAIL PROTECTED]>" imported
> gpg: Total number processed: 4
> gpg:               imported: 4  (RSA: 2)
> [jon@c0309 dist]$ gpg --verify hbase-0.90.6.tar.gz.asc.1
> hbase-0.90.6-rc5.tar.gz
> gpg: Signature made Fri 02 Mar 2012 10:40:13 AM PST using RSA key ID
> 30CD0996
> gpg: Good signature from "Michael Stack <[EMAIL PROTECTED]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 686E 5EDF 04A4 8305 5416  0910 DF0F 5BBC 30CD 0996
> gpg: Signature made Fri 02 Mar 2012 09:40:28 AM PST using RSA key ID
> 867B57B8
> gpg: Good signature from "Ramkrishna S Vasudevan (for code checkin) <
> [EMAIL PROTECTED]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 7405 BB74 016B E7D0 7B25  15E3 A1AB D56E 867B 57B8
> [jon@c0309 dist]$
> [jon@c0309 dist]$  # this is stack's
> [jon@c0309 dist]$ gpg --fingerprint 30cd0996
> pub   2048R/30CD0996 2010-05-03
>      Key fingerprint = 686E 5EDF 04A4 8305 5416  0910 DF0F 5BBC 30CD 0996
> uid                  Michael Stack <[EMAIL PROTECTED]>
> sub   2048R/00A5F21E 2010-05-03
> ---
>
> Jon.
>
>
> On Wed, Mar 14, 2012 at 10:06 AM, Stack <[EMAIL PROTECTED]> wrote:
>
>> On Wed, Mar 14, 2012 at 9:21 AM, Jonathan Hsieh <[EMAIL PROTECTED]> wrote:
>> > We need get the gpg signature fixed since you aren't in the web of trust
>> > yet.  We need to add stack's and I'd like to add mine once my keys get
>> > added to the web of trust (folks are a little more accessible here).
>> >
>>
>> I thought I signed it.
>>
>> if not, can check the bits and sign before release.
>>
>> Thanks for taking her for a spin Jon.
>> St.Ack
>>
>
>
>
> --
> // Jonathan Hsieh (shay)
> // Software Engineer, Cloudera
> // [EMAIL PROTECTED]

--
Todd Lipcon
Software Engineer, Cloudera