You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "dud (JIRA)" <ji...@apache.org> on 2018/03/06 09:43:00 UTC

[jira] [Created] (HIVE-18870) Invalid GPG signature of the 2.3.2 release

dud created HIVE-18870:
--------------------------

             Summary: Invalid GPG signature of the 2.3.2 release
                 Key: HIVE-18870
                 URL: https://issues.apache.org/jira/browse/HIVE-18870
             Project: Hive
          Issue Type: Bug
    Affects Versions: 2.3.2
            Reporter: dud


Hello

the [GPG signature|https://www.apache.org/dist/hive/hive-2.3.2/apache-hive-2.3.2-bin.tar.gz.asc] of the 2.3.2 Hive release is invalid preventing users to verify the downloaded archive :

 
{code:java}
gpg --primary-keyring /tmp/tmp.0xXkR5pkws.gpg --import ./hive-KEYS
gpg: key 085BCB4D2E765AE1: public key "Ashish Thusoo (CODE SIGNING KEY) <at...@apache.org>" imported
gpg: key E36CD0AA4626191C: public key "Zheng Shao (Zheng Shao) <zs...@apache.org>" imported
gpg: key 0CA0FF40EDAC684E: public key "Carl W. Steinbach (CODE SIGNING KEY) <ca...@cloudera.com>" imported
gpg: key 2036CB247AC28520: public key "John Sichi (CODE SIGNING KEY) <jv...@apache.org>" imported
gpg: key E193B38C2305CA1C: public key "Ashutosh Chauhan <ha...@apache.org>" imported
gpg: key 5E1840C075E68997: public key "Thejas Nair (CODE SIGNING KEY) <th...@apache.org>" imported
gpg: key 4814E367885D649D: public key "Harish Butani (CODE SIGNING KEY) <rh...@apache.org>" imported
gpg: key 1EADB7814530BADE: public key "Sushanth Sowmyan (CODE SIGNING KEY) <kh...@apache.org>" imported
gpg: key D90DF4E28EE6E329: public key "Thejas M Nair (CODE SIGNING KEY 2) <th...@apache.org>" imported
gpg: key A645F24823724330: public key "Gunther Hagleitner (CODE SIGNING KEY) <gu...@apache.org>" imported
gpg: key 1209E7F13D0C92B9: 8 duplicate signatures removed
gpg: key 1209E7F13D0C92B9: 47 signatures not checked due to missing keys
gpg: key 1209E7F13D0C92B9: public key "Owen O'Malley (Code signing) <om...@apache.org>" imported
gpg: key 88BD3F5704D9B832: public key "Alan Gates (No comment) <ga...@yahoo-inc.com>" imported
gpg: key D0111CE83C2F98F8: public key "Sergio Pena <sp...@apache.org>" imported
gpg: key BBDD5B6642FE69CE: public key "stakiar <ta...@gmail.com>" imported
gpg: Total number processed: 14
gpg:               imported: 14
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   4  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   4  signed:   0  trust: 2-, 0q, 0n, 2m, 0f, 0u
gpg: next trustdb check due at 2022-07-10
gpg --primary-keyring /tmp/tmp.0xXkR5pkws.gpg --verify /tmp/hive/apache-hive-2.3.2-bin.tar.gz.asc /tmp/hive/apache-hive-2.3.2-bin.tar.gz
gpg: Signature made jeu. 09 nov. 2017 20:32:14 CET
gpg:                using RSA key B21AE8EEA5105E6CA3F9EFA1BBDD5B6642FE69CE
gpg: BAD signature from "stakiar <ta...@gmail.com>" [unknown]
{code}
I've already contacted [~stakiar] some weeks ago about this issue but unfortunatelely the signature hasn't been fixed yet.

Regards

dud



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)