Thanks guys, for the initial report and also for Tuure response.
For such a problem, even if it's a no-problem, can you fill a JIRA ?
This will help to keep a track on what is ok and what needs to be fixed.
Mails just vanish after a few days, JIRAs stays for ever, or at leat
until they are closed !
Thanks !
Tuure Laurinolli wrote:
Valient Gough wrote:
From page: http://mina.apache.org/downloads.html
mina-1.1.7 and mina-2.0.0-m1 files do not match md5, sha1, or gpg
signatures!
I tested mina-1.1.7.zip , mina-1.1.7.tar.bz2, and
mina-2.0.0-M1.tar.bz2, all of which failed checks.
No, you didn't ;)
md5 link:
http://www.apache.org/dist/mina/1.1.7/mina-1.1.7.tar.bz2.md5
mina-1.1.7.tar.gz: expected md5 2f83d9adc5212dd8516290b17f1fb43f , got
bd6006f16e46c421160815ce985f5c3d
The expected MD5 sum here appears to be from
http://www.apache.org/dist/mina/1.1.7/mina-1.1.7.tar.bz2.md5.
# links taken directly from http://mina.apache.org/downloads.html
$ wget
http://mina.apache.org/dyn/closer.cgi/mina/2.0.0-M1/mina-2.0.0-M1.tar.bz2
$ wget
http://www.apache.org/dist/mina/2.0.0-M1/mina-2.0.0-M1.tar.bz2.asc
$ gpg mina-2.0.0-M1.tar.bz2.asc
gpg: Signature made Tue 19 Feb 2008 09:55:41 AM PST using DSA key ID
92E29412
gpg: BAD signature from "Mike Heath <[EMAIL PROTECTED]>"
At least in this case you downloaded the HTML mirror link page instead
of the actual package. Could you post the actual commands you ran for
the other checks too? The link to that .tar.bz2 file generates an HTML
page on which the actual download link is, and at least wget downloads
the HTML page if you give it that URL.
Until fixed, I'm assuming all files are compromised..
I assume that you downloaded the HTML mirror link pages in the other
cases as well, and possibly did some other mistakes as well.
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
