[
https://issues.apache.org/jira/browse/OPENMEETINGS-1901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Patrick Simon closed OPENMEETINGS-1901.
---------------------------------------
Resolution: Cannot Reproduce
Closed as cannot reproduce.
Thanks for looking into this. I pulled the file apache-openmeetings-4.0.4.zip
again today, and this time gpg reported a good signature. The previous copy of
the zip file was much smaller than the one I pulled today, presumably the
previous file was only partially downloaded.
> gpg validation of zip file download failed with BAD signature
> -------------------------------------------------------------
>
> Key: OPENMEETINGS-1901
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1901
> Project: Openmeetings
> Issue Type: Bug
> Components: BuildsAndReleases
> Affects Versions: 4.0.4
> Reporter: Patrick Simon
> Assignee: SebastianWagner
> Priority: Major
> Labels: security
>
> verification of download zip file failed
> I followed the instructions on the download page to verify
> apache-openmeetings-4.0.4.zip.
> steps and environment details:
> all files downloaded from site through firefox on Windows 10
> KEYS file saved as apache-openmeetings-KEYS
> all other files saved as named on the download site
> verification attempted using the following commands from bash on ubuntu on
> Windows 10 in the folder where all files located
> $ gpg --import apache-openmeetings-KEYS
> gpg: directory `/home/xxx/.gnupg' created
> gpg: new configuration file `/home/xxxx/.gnupg/gpg.conf' created
> gpg: WARNING: options in `/home/xxxx/.gnupg/gpg.conf' are not yet active
> during this run
> gpg: keyring `/home/xxxx/.gnupg/secring.gpg' created
> gpg: keyring `/home/xxxx/.gnupg/pubring.gpg' created
> gpg: /home/psimon/.gnupg/trustdb.gpg: trustdb created
> gpg: key 93A30395: public key "Sebastian Wagner <[email protected]>"
> imported
> gpg: key D27B0B59: public key "Eugen Schwert (CODE SIGNING KEY)
> <[email protected]>" imported
> gpg: key C467526E: public key "Maxim Solodovnik (solomax)
> <[email protected]>" imported
> gpg: key C1D03D7A: public key "German Grekhov <[email protected]>" imported
> gpg: Total number processed: 4
> gpg: imported: 4 (RSA: 4)
> $ gpg --verify apache-openmeetings-4.0.4.zip.asc apache-openmeetings-4.0.4.zip
> gpg: Signature made Fri 25 May 2018 12:22:55 PM DST using RSA key ID C467526E
> gpg: BAD signature from "Maxim Solodovnik (solomax) <[email protected]>"
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)