[ https://issues.apache.org/jira/browse/TIKA-1345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14037673#comment-14037673 ]
Nick Burch commented on TIKA-1345: ---------------------------------- That page will give you a mirror near-ish you, which mirror did you download from? > Bad signature in gpg, md5 and sha1 verification > ----------------------------------------------- > > Key: TIKA-1345 > URL: https://issues.apache.org/jira/browse/TIKA-1345 > Project: Tika > Issue Type: Bug > Components: packaging > Affects Versions: 1.5 > Reporter: Luis > Labels: gpg, md5sum, sha1sum > > Either source and jar files show the same "BAD signature warning": > $ gpg --import KEYS > gpg: key A355A63E: "Jukka Zitting <ju...@apache.org>" not changed > gpg: key B876884A: "Chris Mattmann (CODE SIGNING KEY) <mattm...@apache.org>" > not changed > gpg: key 9740DD55: "David Meikle (CODE SIGNING KEY) <dmei...@apache.org>" not > changed > gpg: key AEA8C6AB: "David Meikle (CODE SIGNING KEY) <dmei...@apache.org>" not > changed > gpg: key 0EB30B07: "David Meikle (CODE SIGNING KEY) <dmei...@apache.org>" not > changed > gpg: Número total processado: 5 > gpg: não modificados: 5 > $ gpg --verify tika-app-1.5.jar.asc > gpg: Signature made Dom 09 Fev 2014 21:42:27 WET using RSA key ID 0EB30B07 > gpg: BAD signature from "David Meikle (CODE SIGNING KEY) <dmei...@apache.org>" > And md5sum and sha1sum show different hashes for files. I used firefox to > download them and then wget to confirm it was not an issue regarding the > download client. > $ md5sum tika-1.5-src.zip > 649b68df4fe628ea4a83da0e71542dbf tika-1.5-src.zip > From the site: MD5: 48477b2e70e0e62ece09af7ada5037fa > $ md5sum tika-app-1.5.jar > 06e48845d4f2bfcc9c1f5c395ef90790 tika-app-1.5.jar > From the site: MD5: 2124a77289efbb30e7228c0f7da63373 -- This message was sent by Atlassian JIRA (v6.2#6252)