You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jmeter.apache.org by "Crawford, John" <jc...@techtarget.com> on 2006/01/25 20:22:54 UTC
jmeter download checksum discrepancy
Hi,
I've downloaded JMeter (2.1.1.zip) from several different mirror sites
in the last two days, and for each one, I get this result for my
checksum:
C:\>sha1sum jakarta-jmeter-2.1.1.zip
5dbbe22bd13a60e09ad7069f33d2177e2feb8b4c *jakarta-jmeter-2.1.1.zip
which is not what I'm supposed to see, according to this page:
http://www.apache.org/dist/jakarta/jmeter/binaries/jakarta-jmeter-2.1.1.
zip.md5
which causes me to suspect this is not a valid version.
Yet, when I use GnuPG on it, I get:
C:\>gpg --verify jakarta-jmeter-2.1.1.zip.asc
gpg: Signature made 10/03/05 17:45:16 using DSA key ID BCA973AC
gpg: Good signature from "Sebastian Bazley (ASF Signing Key)
<se...@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 88D5 36D4 3329 1377 4D62 766D 3FE0 C161 BCA9
73AC
which looks OK (despite the warning).
So: which is right? Is my download a valid version of JMeter or not?
Obviously, I'd like to know before installing it.
Please forgive me if this is a frequently answered question, but I'm new
to JMeter (& GnuPG), and I did not see it in a quick look over this
month's archives. Thanks,
- John Crawford
Senior QA Engineer
TechTarget
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: jmeter download checksum discrepancy
Posted by sebb <se...@gmail.com>.
In 25/01/06, Crawford, John <jc...@techtarget.com> wrote:
> Hi,
>
> I've downloaded JMeter (2.1.1.zip) from several different mirror sites
> in the last two days, and for each one, I get this result for my
> checksum:
> C:\>sha1sum jakarta-jmeter-2.1.1.zip
> 5dbbe22bd13a60e09ad7069f33d2177e2feb8b4c *jakarta-jmeter-2.1.1.zip
> which is not what I'm supposed to see, according to this page:
>
> http://www.apache.org/dist/jakarta/jmeter/binaries/jakarta-jmeter-2.1.1.
> zip.md5
> which causes me to suspect this is not a valid version.
Surely sha1sum is not the same as MD5?
Try again with an MD5 checksum tool...
> Yet, when I use GnuPG on it, I get:
> C:\>gpg --verify jakarta-jmeter-2.1.1.zip.asc
> gpg: Signature made 10/03/05 17:45:16 using DSA key ID BCA973AC
> gpg: Good signature from "Sebastian Bazley (ASF Signing Key)
> <se...@apache.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 88D5 36D4 3329 1377 4D62 766D 3FE0 C161 BCA9
> 73AC
> which looks OK (despite the warning).
>
Since the signature is good, you can be sure that the file agrees with
it, and has been transferred OK.
None of the JMeter keys have been cross-signed, as far as I know.
It's tricky organising this when we live in different countries ...
> So: which is right? Is my download a valid version of JMeter or not?
On the face of it, yes.
> Obviously, I'd like to know before installing it.
>
Try creating the MD5 checksum with a different application.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org