Thanks Greg, I wanted to confirm the fingerprint of my key and look into
it, but I am glad you figured it out. The sig files are mirrored, as
they are bulk copied with all the artifacts, but we also keep them on
the apache servers, which are the authoritative source.
Actually you just became my favorite person of the year for following
best practices and checking the signature of the artifacts. Kudos for
that. I will update the website pages accordingly. I am pretty sure the
same problem is there with other releases.
Thanks again,
Hadrian
On 05/03/2012 06:56 PM, Greg Henley wrote:
Hadrian,
I believe the problem is the way the link is setup on the
http://camel.apache.org/download.html page. For the "PGP Signature file of
download" column underneath "Source Distribution" section. Compare the
following:
apache-camel-2.7.5-src.zip.asc correctly links to
http://www.apache.org/dist/camel/apache-camel/2.7.5/apache-camel-2.7.5-src.zip.asc
but the 2.8.5 and 2.9.2 link to www.apache.org/dyn/... instead which takes
you to mirror sites, not directly to the asc file!!
apache-camel-2.9.2-src.zip.asc links to
http://www.apache.org/dyn/closer.cgi/camel/apache-camel/2.9.2/apache-camel-2.9.2-src.zip.asc
After I found the right asc file, Signature is good.
Greg
--
View this message in context:
http://camel.465427.n5.nabble.com/ANNOUNCE-Apache-Camel-2-9-2-Released-tp5649281p5684492.html
Sent from the Camel - Users mailing list archive at Nabble.com.
--
Hadrian Zbarcea
Principal Software Architect
Talend, Inc
http://coders.talend.com/
http://camelbot.blogspot.com/