You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Rick Hall (JIRA)" <ji...@codehaus.org> on 2010/08/06 20:04:32 UTC

[jira] Created: (MNG-4753) BAD SIGNATURE (again)

BAD SIGNATURE (again)
---------------------

                 Key: MNG-4753
                 URL: http://jira.codehaus.org/browse/MNG-4753
             Project: Maven 2 & 3
          Issue Type: Bug
    Affects Versions: 2.2.1
         Environment: Linux Fedora Core 8
            Reporter: Rick Hall
         Attachments: apache-maven-2.2.1-bin.tar.gz, apache-maven-2.2.1-bin.tar.gz.asc, KEYS

Signature of apache-maven-2.2.1-bin.tar.gz failed with message "gpg: BAD signature from John Dennis Casey <jd...@commonjava.org>".

DETAILS:

$ wget http://www.apache.org/dyn/closer.cgi/maven/binaries/apache-maven-2.2.1-bin.tar.gz
$ wget http://www.apache.org/dist/maven/KEYS
$ gpg --import KEYS
$ gpg --verify apache-maven-2.2.1-bin.tar.gz.asc
gpg: Signature made Thu 06 Aug 2009 03:18:49 PM EDT using DSA key ID 34A72A7F
gpg: BAD signature from "John Dennis Casey <jd...@commonjava.org>"

Same bug as MNG 4650 (April 28th), which appears to have been closed too quickly.
Files attached.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (MNG-4753) BAD SIGNATURE (again)

Posted by "Rick Hall (JIRA)" <ji...@codehaus.org>.

    [ http://jira.codehaus.org/browse/MNG-4753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231225#action_231225 ] 

Rick Hall commented on MNG-4753:
--------------------------------

Two additional comments:

1) Left out one step in the DETAILS; i.e.

$ wget http://www.apache.org/dist/maven/binaries/apache-maven-2.2.1-bin.tar.gz.asc

2) I repeated all these steps a second time with the same result. I've attached MD5 checksums of the files I downloaded (I used these to verify that the files downloaded a second time matched the files downloaded the first time.)

MD5 sums:

e8e7a4d6e2d88df920606592d6b9a8b8  apache-maven-2.2.1-bin.tar.gz
d424f6f412c972ba2ba48a66ef77be7b  apache-maven-2.2.1-bin.tar.gz.asc
ab3f28113d3cb13a113346182506f028  KEYS


> BAD SIGNATURE (again)
> ---------------------
>
>                 Key: MNG-4753
>                 URL: http://jira.codehaus.org/browse/MNG-4753
>             Project: Maven 2 & 3
>          Issue Type: Bug
>    Affects Versions: 2.2.1
>         Environment: Linux Fedora Core 8
>            Reporter: Rick Hall
>         Attachments: apache-maven-2.2.1-bin.tar.gz, apache-maven-2.2.1-bin.tar.gz.asc, KEYS
>
>
> Signature of apache-maven-2.2.1-bin.tar.gz failed with message "gpg: BAD signature from John Dennis Casey <jd...@commonjava.org>".
> DETAILS:
> $ wget http://www.apache.org/dyn/closer.cgi/maven/binaries/apache-maven-2.2.1-bin.tar.gz
> $ wget http://www.apache.org/dist/maven/KEYS
> $ gpg --import KEYS
> $ gpg --verify apache-maven-2.2.1-bin.tar.gz.asc
> gpg: Signature made Thu 06 Aug 2009 03:18:49 PM EDT using DSA key ID 34A72A7F
> gpg: BAD signature from "John Dennis Casey <jd...@commonjava.org>"
> Same bug as MNG 4650 (April 28th), which appears to have been closed too quickly.
> Files attached.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (MNG-4753) BAD SIGNATURE (again)

Posted by "Rick Hall (JIRA)" <ji...@codehaus.org>.

    [ http://jira.codehaus.org/browse/MNG-4753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231228#action_231228 ] 

Rick Hall commented on MNG-4753:
--------------------------------

Never mind...

The URL http://www.apache.org/dyn/closer.cgi/maven/binaries/apache-maven-2.2.1-bin.tar.gz links to an HTML page, not a *.tar.gz file.

Please close this bug.


> BAD SIGNATURE (again)
> ---------------------
>
>                 Key: MNG-4753
>                 URL: http://jira.codehaus.org/browse/MNG-4753
>             Project: Maven 2 & 3
>          Issue Type: Bug
>    Affects Versions: 2.2.1
>         Environment: Linux Fedora Core 8
>            Reporter: Rick Hall
>         Attachments: apache-maven-2.2.1-bin.tar.gz, apache-maven-2.2.1-bin.tar.gz.asc, KEYS
>
>
> Signature of apache-maven-2.2.1-bin.tar.gz failed with message "gpg: BAD signature from John Dennis Casey <jd...@commonjava.org>".
> DETAILS:
> $ wget http://www.apache.org/dyn/closer.cgi/maven/binaries/apache-maven-2.2.1-bin.tar.gz
> $ wget http://www.apache.org/dist/maven/KEYS
> $ gpg --import KEYS
> $ gpg --verify apache-maven-2.2.1-bin.tar.gz.asc
> gpg: Signature made Thu 06 Aug 2009 03:18:49 PM EDT using DSA key ID 34A72A7F
> gpg: BAD signature from "John Dennis Casey <jd...@commonjava.org>"
> Same bug as MNG 4650 (April 28th), which appears to have been closed too quickly.
> Files attached.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Closed: (MNG-4753) BAD SIGNATURE (again)

Posted by "Rick Hall (JIRA)" <ji...@codehaus.org>.

     [ http://jira.codehaus.org/browse/MNG-4753?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Hall closed MNG-4753.
--------------------------

    Resolution: Not A Bug

The URL http://www.apache.org/dyn/closer.cgi/maven/binaries/apache-maven-2.2.1-bin.tar.gz links to a HTML webpage where actual download links may be found; e.g.

  http://www.alliedquotes.com/mirrors/apache/maven/binaries/apache-maven-2.2.1-bin.tar.gz

These worked properly.


> BAD SIGNATURE (again)
> ---------------------
>
>                 Key: MNG-4753
>                 URL: http://jira.codehaus.org/browse/MNG-4753
>             Project: Maven 2 & 3
>          Issue Type: Bug
>    Affects Versions: 2.2.1
>         Environment: Linux Fedora Core 8
>            Reporter: Rick Hall
>         Attachments: apache-maven-2.2.1-bin.tar.gz, apache-maven-2.2.1-bin.tar.gz.asc, KEYS
>
>
> Signature of apache-maven-2.2.1-bin.tar.gz failed with message "gpg: BAD signature from John Dennis Casey <jd...@commonjava.org>".
> DETAILS:
> $ wget http://www.apache.org/dyn/closer.cgi/maven/binaries/apache-maven-2.2.1-bin.tar.gz
> $ wget http://www.apache.org/dist/maven/KEYS
> $ gpg --import KEYS
> $ gpg --verify apache-maven-2.2.1-bin.tar.gz.asc
> gpg: Signature made Thu 06 Aug 2009 03:18:49 PM EDT using DSA key ID 34A72A7F
> gpg: BAD signature from "John Dennis Casey <jd...@commonjava.org>"
> Same bug as MNG 4650 (April 28th), which appears to have been closed too quickly.
> Files attached.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira