You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@maven.apache.org by Jason Pyeron <jp...@pdinc.us> on 2020/02/19 18:26:49 UTC

RE: [maven] Re: Is key 0x0CDE80149711EB46DFF17AE421A24B3F8B0F594A for Karl Heinz Marbaise trusted?

> -----Original Message-----
> From: Karl Heinz Marbaise
> Sent: Wednesday, February 19, 2020 1:07 PM
> 
> Hi,
> 
> On 19.02.20 17:04, Ward, Evan wrote:
> > Hi,
> >
> > I have been attempting to verify the signatures on maven plugins using
> > the instructions on the downloads page, e.g. [1]. Several plugins have
> > been signed by the key 0x0CDE80149711EB46DFF17AE421A24B3F8B0F594A which
<snip/>
> > If so please add it to the keys file. Karl has other keys in the KEYS file - is there a reason this
> specific key is not trusted?
> 
> What do you mean exactly by "not trusted" ? ...You are checking via gpg
> --verify ?

I think he meant that it is not included in the Apache Maven "Authorized" signing keys list found at: 

<snip/>

> > [2] https://www.apache.org/dist/maven/KEYS


--
Jason Pyeron  | Architect
PD Inc        |
10 w 24th St  |
Baltimore, MD |
 
.mil: jason.j.pyeron.ctr@mail.mil
.com: jpyeron@pdinc.us
tel : 202-741-9397





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org