Hi, You should download https://downloads.apache.org/maven/KEYS next import by: gpg --import KEYS
and next verify by: gpg --verify apache-maven-3.9.2-bin.zip.asc Signature is correct. gpg --verify apache-maven-3.9.2-bin.zip.asc gpg: assuming signed data in 'apache-maven-3.9.2-bin.zip' gpg: Signature made Mon May 8 11:08:31 2023 CEST gpg: using RSA key 29BEA2A645F2D6CED7FB12E02B172E3E156466E8 gpg: Good signature from "Tamas Cservenak (ASF) (Release key) ...... śr., 7 cze 2023 o 11:42 Jim McNamara <jmcnamara10...@proton.me.invalid> napisał(a): > Hi all- > > At a glance, it may be possible that the wrong key is posted for the > downloads at: > https://maven.apache.org/download.cgi > > i tried this command: > > PS C:\program files (x86)\GnuPG\bin> .\gpg.exe --import > C:\Users\myuser\apache-maven-3.9.2-bin.zip.asc > gpg: no valid OpenPGP data found. > gpg: Total number processed: 0 > > couldn't grep the key agains the KEYS file found at: > https://downloads.apache.org/maven/KEYS > > Can I please get the key corrected? > > thanks, > J. McNamara > > Sent with [Proton Mail](https://proton.me/) secure email. -- Sławomir Jaranowski
