Looks fine at my end - girish$ ./verify-ofbiz-release.sh apache-ofbiz-17.12.04.zip
sha check of file: apache-ofbiz-17.12.04.zip Using sha file: apache-ofbiz-17.12.04.zip.sha512 apache-ofbiz-17.12.04.zip: 87FC62B2 8005BE59 FBB5AA69 6F0317C1 72273F02 EB39DD82 9738761C 694D644B F004C3A6 12E8DB41 512C726A 4F5E991F D80A6A84 4AADE640 7B726DC1 8E4182A8 apache-ofbiz-17.12.04.zip: 87FC62B2 8005BE59 FBB5AA69 6F0317C1 72273F02 EB39DD82 9738761C 694D644B F004C3A6 12E8DB41 512C726A 4F5E991F D80A6A84 4AADE640 7B726DC1 8E4182A8 sha checksum OK GPG verification output gpg: Signature made Sun Jul 5 13:38:45 2020 IST gpg: using RSA key 7A580908847AF9E0 gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) < jaco...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 3545 C5E3 1CC2 D029 B2CC AD06 7A58 0908 847A F9E0 Best, Girish On Sun, Jul 5, 2020 at 3:24 PM Jacques Le Roux <jacques.le.r...@les7arts.com> wrote: > Hi Jacopo, > > Something is wrong, I get that (dowloaded twice, except the package which > opens normally): > > $ ./verify-ofbiz-release.sh apache-ofbiz-17.12.04.zip > sha check of file: apache-ofbiz-17.12.04.zip > Using sha file: apache-ofbiz-17.12.04.zip.sha512 > apache-ofbiz-17.12.04.zip: 87FC62B2 8005BE59 FBB5AA69 6F0317C1 72273F02 > EB39DD82 9738761C 694D644B F004C3A6 12E8DB41 512C726A 4F5E991F D80A6A84 > 4AADE640 7B726DC1 8E4182A8 > apache-ofbiz-17.12.04.zip: 74F79D42 2746A409 9C0F2E0D 5F96C070 78C73D7B > 4C681452 EB974F18 33E2E391 3E1C7D1F 2F0E8A44 C18AC8FF A9F86094 4C9F5D4D > 5DDA3AB9 E2DC2057 CA0F2E33 > sha sums mismatch! > > GPG verification output > gpg: Signature made Fri Jul 3 16:04:40 2020 > gpg: using RSA key 7A580908847AF9E0 > gpg: BAD signature from "Jacopo Cappellato (CODE SIGNING KEY) < > jaco...@apache.org>" > > Could it be on my side? Anyone reproduce? > > Jacques > > Le 05/07/2020 à 10:23, Jacopo Cappellato a écrit : > > This is the vote thread (second attempt) to publish a new bug fix release > > from the "release17.12" branch. This new release, "Apache OFBiz > 17.12.04", > > will supersede all the previous releases from the same branch. > > > > The release files can be downloaded from here: > > https://dist.apache.org/repos/dist/dev/ofbiz/ > > and are: > > * apache-ofbiz-17.12.04.zip > > * KEYS: text file with keys > > * apache-ofbiz-17.12.04.zip.asc: the detached signature file > > * apache-ofbiz-17.12.04.zip.sha512: checksum file > > > > Please download and test the zip file and its signatures (for > instructions > > on testing the signatures see > http://www.apache.org/info/verification.html). > > > > Vote: > > [ +1] release as Apache OFBiz 17.12.04 > > [ -1] do not release > > > > This vote will be open for 5 days. > > > > For more details about this process please read > > http://www.apache.org/foundation/voting.html > >