Hi Junio,
I noticed that the v1.7.8-rc1 tag took about 24 hours to appear in the
kernel.org (and repo.or.cz) repository after you announced it and actually
pushed the branch out.
So, unusually, I decided to verify the tag when it did appear. However, it
did not verify! It seems that ever since v1.7.7 (ie v1.7.7.x and v1.7.8-rcx),
you have been signing the release tags with a new key-pair. (I assume that
you generated new keys at the beginning of October for use on kernel.org)
viz:
ramsay (master)$ git tag -v v1.7.7
object 703f05ad5835cff92b12c29aecf8d724c8c847e2
type commit
tag v1.7.7
tagger Junio C Hamano <gitster@xxxxxxxxx> 1317417666 -0700
Git 1.7.7
gpg: Signature made Fri Sep 30 22:21:06 2011 GMTDT using DSA key ID F3119B9A
gpg: Good signature from "Junio C Hamano <gitster@xxxxxxxxx>"
gpg: aka "Junio C Hamano <junkio@xxxxxxx>"
gpg: aka "[jpeg image of size 1513]"
gpg: aka "Junio C Hamano <jch@xxxxxxxxxx>"
gpg: aka "Junio C Hamano <junio@xxxxxxxxx>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3565 2A26 2040 E066 C9A7 4A7D C0C6 D9A4 F311 9B9A
ramsay (master)$ git tag -v v1.7.8-rc1
object 4cb6764227173a6483edbdad09121651bc0b01c3
type commit
tag v1.7.8-rc1
tagger Junio C Hamano <gitster@xxxxxxxxx> 1320713324 -0800
Git 1.7.8-rc1
gpg: Signature made Tue Nov 8 00:48:44 2011 GMTST using RSA key ID 96AFE6CB
gpg: Can't check signature: public key not found
error: could not verify the tag 'v1.7.8-rc1'
ramsay (master)$
Note the key ID 96AFE6CB.
Are you planning to create an junio-gpg-pub-v2 tag? (or are you making it
available from a keyserver?)
If I have missed an announcement on this, then sorry for the noise!
ATB,
Ramsay Jones
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html