Are you sure you grabbed the right files? > md5 johnzon-0.6-incubating-src.tar.gz > MD5 (johnzon-0.6-incubating-src.tar.gz) = 40f1ae7e839822ef55e50d9e5f4f5298 > > cat johnzon-0.6-incubating-src.tar.gz.asc.md5 > b7c12ea3fdfd5ee50886212a4a1ff8c8
This is the md5 of the asc file, not the tar.gz. The tar.gz.md5 has the proper hash in it. > openssl sha1 ./johnzon-0.6-incubating-src.tar.gz > SHA1(./johnzon-0.6-incubating-src.tar.gz)= > 742c6e38de9dbc9a9d01363ea93e3168740af278 > > cat johnzon-0.6-incubating-src.tar.gz.sha1 > 90eeca8df71089807602071cb6bcadfaf107126d If I download johnzon-0.6-incubating-src.tar.gz.sha1 and cat it, I see: dkulp@MacBookPro ~/Downloads $ cat johnzon-0.6-incubating-src.tar.gz.sha1 742c6e38de9dbc9a9d01363ea93e3168740af278 which matches the sha1 you produced. > > I checked: > - signature correct > - LICENCE and NOTICE correct > - DISCLAIMER exists > - incubating in source package name > - all source files have Apache header > - no unexpected binary files in release > - can compile from source > - all tests pass > > Justin -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
