You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Benjamin Bentmann (JIRA)" <ji...@codehaus.org> on 2010/04/28 11:33:12 UTC
[jira] Closed: (MNG-4650) BAD signature
[ http://jira.codehaus.org/browse/MNG-4650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benjamin Bentmann closed MNG-4650.
----------------------------------
Resolution: Cannot Reproduce
Assignee: Benjamin Bentmann
Both the bundles in [central|http://repo1.maven.org/maven2/org/apache/maven/apache-maven/2.2.1/] and from the official [Apache download server|http://www.apache.org/dist/maven/] successfully validate for me:
{noformat}
VERIFYING apache-maven-2.2.1-bin.tar.bz2.asc
gpg: Signature made 08/06/09 21:18:49 using DSA key ID 34A72A7F
gpg: Good signature from "John Dennis Casey <jd...@commonjava.org>"
Primary key fingerprint: 9FFE D7A1 18D4 5A44 E4A1 E471 30E6 F804 34A7 2A7F
VERIFYING apache-maven-2.2.1-bin.tar.gz.asc
gpg: Signature made 08/06/09 21:18:49 using DSA key ID 34A72A7F
gpg: Good signature from "John Dennis Casey <jd...@commonjava.org>"
Primary key fingerprint: 9FFE D7A1 18D4 5A44 E4A1 E471 30E6 F804 34A7 2A7F
VERIFYING apache-maven-2.2.1-bin.zip.asc
gpg: Signature made 08/06/09 21:18:49 using DSA key ID 34A72A7F
gpg: Good signature from "John Dennis Casey <jd...@commonjava.org>"
Primary key fingerprint: 9FFE D7A1 18D4 5A44 E4A1 E471 30E6 F804 34A7 2A7F
VERIFYING apache-maven-2.2.1-src.tar.gz.asc
gpg: Signature made 08/06/09 21:18:49 using DSA key ID 34A72A7F
gpg: Good signature from "John Dennis Casey <jd...@commonjava.org>"
Primary key fingerprint: 9FFE D7A1 18D4 5A44 E4A1 E471 30E6 F804 34A7 2A7F
VERIFYING apache-maven-2.2.1-src.zip.asc
gpg: Signature made 08/06/09 21:18:49 using DSA key ID 34A72A7F
gpg: Good signature from "John Dennis Casey <jd...@commonjava.org>"
Primary key fingerprint: 9FFE D7A1 18D4 5A44 E4A1 E471 30E6 F804 34A7 2A7F
{noformat}
So you should double-check the source of your bundle.
> BAD signature
> -------------
>
> Key: MNG-4650
> URL: http://jira.codehaus.org/browse/MNG-4650
> Project: Maven 2 & 3
> Issue Type: Bug
> Reporter: Shin Sangjae
> Assignee: Benjamin Bentmann
>
> ZIP file's signature has problem.
> --------------------------------------------------------------------
> C:\DOCUME~1\bomber\MYDOCU~1\다운로드>gpg --verify apache-maven-2.2.1-bin.zip.asc
> gpg: Signature made 08/07/09 04:18:49 using DSA key ID 34A72A7F
> gpg: Can't check signature: public key not found
> C:\DOCUME~1\bomber\MYDOCU~1\다운로드>gpg --keyserver hkp://pgp.mit.edu --recv-ke
> ys 34A72A7F
> gpg: requesting key 34A72A7F from hkp server pgp.mit.edu
> gpg: key 34A72A7F: public key "John Dennis Casey <jd...@commonjava.org>" impor
> ted
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: Total number processed: 1
> gpg: imported: 1
> C:\DOCUME~1\bomber\MYDOCU~1\다운로드>gpg --verify apache-maven-2.2.1-bin.zip.asc
> gpg: Signature made 08/07/09 04:18:49 using DSA key ID 34A72A7F
> gpg: BAD signature from "John Dennis Casey <jd...@commonjava.org>"
> C:\DOCUME~1\bomber\MYDOCU~1\다운로드>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira