[jira] [Comment Edited] (FLUME-2687) apache flume 1.5.2 signature MD5 and SHA1 checksums

Thu, 23 Apr 2015 12:39:18 -0700 

    [ 
https://issues.apache.org/jira/browse/FLUME-2687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14509653#comment-14509653
 ] 

Hari Shreedharan edited comment on FLUME-2687 at 4/23/15 7:38 PM:
------------------------------------------------------------------

Hmm, I didn't have the issue:

{code}
gpg --verify apache-flume-1.5.2-bin.tar.gz.asc apache-flume-1.5.2-bin.tar.gz
gpg: Signature made Wed Nov 12 12:53:47 2014 PST using RSA key ID 77FFC9AB
gpg: Good signature from "Hari Shreedharan <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 761A 881F 8FD1 37CE F1F4  A3EE B724 4AD9 77FF C9AB
{code}


was (Author: hshreedharan):
Hmm, I didn't have the issue:

{Code}
gpg --verify apache-flume-1.5.2-bin.tar.gz.asc apache-flume-1.5.2-bin.tar.gz
gpg: Signature made Wed Nov 12 12:53:47 2014 PST using RSA key ID 77FFC9AB
gpg: Good signature from "Hari Shreedharan <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 761A 881F 8FD1 37CE F1F4  A3EE B724 4AD9 77FF C9AB
{code}

> apache flume 1.5.2 signature MD5 and SHA1 checksums
> ---------------------------------------------------
>
>                 Key: FLUME-2687
>                 URL: https://issues.apache.org/jira/browse/FLUME-2687
>             Project: Flume
>          Issue Type: Bug
>            Reporter: Pedro Salgado
>            Priority: Critical
>
> I just downloaded Flume 1.5.2 and when running the gpg command to verify the 
> tarball I'm getting a bad signature.
> {noformat}
> $ gpg --verify apache-flume-1.5.0-bin.tar.gz.asc
> gpg: assuming signed data in 'apache-flume-1.5.0-bin.tar.gz'
> gpg: Signature made Wed May  7 15:53:05 2014 MDT using RSA key ID 77FFC9AB
> gpg: Good signature from "Hari Shreedharan <[email protected]>" 
> [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 761A 881F 8FD1 37CE F1F4  A3EE B724 4AD9 77FF C9AB
> $ gpg --verify apache-flume-1.5.2-bin.tar.gz.asc
> gpg: assuming signed data in 'apache-flume-1.5.2-bin.tar.gz'
> gpg: Signature made Wed Nov 12 13:53:47 2014 MST using RSA key ID 77FFC9AB
> gpg: BAD signature from "Hari Shreedharan <[email protected]>" [unknown]
> {noformat}
> I double checked the MD5 and SHA1 checksum of the file I downloaded and what 
> is on the files and it doesn't match either.
> I downloaded 1.5.0 and every is good so you seem to have a problem with the 
> 1.5.2 tarballs.
> Can you please have a look?
> thank you!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to