[ http://jira.codehaus.org/browse/MNG-4753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231225#action_231225 ]
Rick Hall commented on MNG-4753: -------------------------------- Two additional comments: 1) Left out one step in the DETAILS; i.e. $ wget http://www.apache.org/dist/maven/binaries/apache-maven-2.2.1-bin.tar.gz.asc 2) I repeated all these steps a second time with the same result. I've attached MD5 checksums of the files I downloaded (I used these to verify that the files downloaded a second time matched the files downloaded the first time.) MD5 sums: e8e7a4d6e2d88df920606592d6b9a8b8 apache-maven-2.2.1-bin.tar.gz d424f6f412c972ba2ba48a66ef77be7b apache-maven-2.2.1-bin.tar.gz.asc ab3f28113d3cb13a113346182506f028 KEYS > BAD SIGNATURE (again) > --------------------- > > Key: MNG-4753 > URL: http://jira.codehaus.org/browse/MNG-4753 > Project: Maven 2 & 3 > Issue Type: Bug > Affects Versions: 2.2.1 > Environment: Linux Fedora Core 8 > Reporter: Rick Hall > Attachments: apache-maven-2.2.1-bin.tar.gz, > apache-maven-2.2.1-bin.tar.gz.asc, KEYS > > > Signature of apache-maven-2.2.1-bin.tar.gz failed with message "gpg: BAD > signature from John Dennis Casey <jdca...@commonjava.org>". > DETAILS: > $ wget > http://www.apache.org/dyn/closer.cgi/maven/binaries/apache-maven-2.2.1-bin.tar.gz > $ wget http://www.apache.org/dist/maven/KEYS > $ gpg --import KEYS > $ gpg --verify apache-maven-2.2.1-bin.tar.gz.asc > gpg: Signature made Thu 06 Aug 2009 03:18:49 PM EDT using DSA key ID 34A72A7F > gpg: BAD signature from "John Dennis Casey <jdca...@commonjava.org>" > Same bug as MNG 4650 (April 28th), which appears to have been closed too > quickly. > Files attached. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira