[
http://jira.codehaus.org/browse/MNG-4753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231225#action_231225
]
Rick Hall commented on MNG-4753:
--------------------------------
Two additional comments:
1) Left out one step in the DETAILS; i.e.
$ wget
http://www.apache.org/dist/maven/binaries/apache-maven-2.2.1-bin.tar.gz.asc
2) I repeated all these steps a second time with the same result. I've attached
MD5 checksums of the files I downloaded (I used these to verify that the files
downloaded a second time matched the files downloaded the first time.)
MD5 sums:
e8e7a4d6e2d88df920606592d6b9a8b8 apache-maven-2.2.1-bin.tar.gz
d424f6f412c972ba2ba48a66ef77be7b apache-maven-2.2.1-bin.tar.gz.asc
ab3f28113d3cb13a113346182506f028 KEYS
> BAD SIGNATURE (again)
> ---------------------
>
> Key: MNG-4753
> URL: http://jira.codehaus.org/browse/MNG-4753
> Project: Maven 2 & 3
> Issue Type: Bug
> Affects Versions: 2.2.1
> Environment: Linux Fedora Core 8
> Reporter: Rick Hall
> Attachments: apache-maven-2.2.1-bin.tar.gz,
> apache-maven-2.2.1-bin.tar.gz.asc, KEYS
>
>
> Signature of apache-maven-2.2.1-bin.tar.gz failed with message "gpg: BAD
> signature from John Dennis Casey <jdca...@commonjava.org>".
> DETAILS:
> $ wget
> http://www.apache.org/dyn/closer.cgi/maven/binaries/apache-maven-2.2.1-bin.tar.gz
> $ wget http://www.apache.org/dist/maven/KEYS
> $ gpg --import KEYS
> $ gpg --verify apache-maven-2.2.1-bin.tar.gz.asc
> gpg: Signature made Thu 06 Aug 2009 03:18:49 PM EDT using DSA key ID 34A72A7F
> gpg: BAD signature from "John Dennis Casey <jdca...@commonjava.org>"
> Same bug as MNG 4650 (April 28th), which appears to have been closed too
> quickly.
> Files attached.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
