[ 
https://issues.apache.org/jira/browse/OPENMEETINGS-1901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Patrick Simon closed OPENMEETINGS-1901.
---------------------------------------
    Resolution: Cannot Reproduce

Closed as cannot reproduce.

Thanks for looking into this. I pulled the file apache-openmeetings-4.0.4.zip 
again today, and this time gpg reported a good signature. The previous copy of 
the zip file was much smaller than the one I pulled today, presumably the 
previous file was only partially downloaded.

> gpg validation of zip file download failed with BAD signature
> -------------------------------------------------------------
>
>                 Key: OPENMEETINGS-1901
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1901
>             Project: Openmeetings
>          Issue Type: Bug
>          Components: BuildsAndReleases
>    Affects Versions: 4.0.4
>            Reporter: Patrick Simon
>            Assignee: SebastianWagner
>            Priority: Major
>              Labels: security
>
> verification of download zip file failed
> I followed the instructions on the download page to verify 
> apache-openmeetings-4.0.4.zip.
> steps and environment details:
> all files downloaded from site through firefox on Windows 10
> KEYS file saved as apache-openmeetings-KEYS
> all other files saved as named on the download site
> verification attempted using the following commands from bash on ubuntu on 
> Windows 10 in the folder where all files located
> $ gpg --import apache-openmeetings-KEYS
> gpg: directory `/home/xxx/.gnupg' created
> gpg: new configuration file `/home/xxxx/.gnupg/gpg.conf' created
> gpg: WARNING: options in `/home/xxxx/.gnupg/gpg.conf' are not yet active 
> during this run
> gpg: keyring `/home/xxxx/.gnupg/secring.gpg' created
> gpg: keyring `/home/xxxx/.gnupg/pubring.gpg' created
> gpg: /home/psimon/.gnupg/trustdb.gpg: trustdb created
> gpg: key 93A30395: public key "Sebastian Wagner <[email protected]>" 
> imported
> gpg: key D27B0B59: public key "Eugen Schwert (CODE SIGNING KEY) 
> <[email protected]>" imported
> gpg: key C467526E: public key "Maxim Solodovnik (solomax) 
> <[email protected]>" imported
> gpg: key C1D03D7A: public key "German Grekhov <[email protected]>" imported
> gpg: Total number processed: 4
> gpg:               imported: 4  (RSA: 4)
> $ gpg --verify apache-openmeetings-4.0.4.zip.asc apache-openmeetings-4.0.4.zip
> gpg: Signature made Fri 25 May 2018 12:22:55 PM DST using RSA key ID C467526E
> gpg: BAD signature from "Maxim Solodovnik (solomax) <[email protected]>" 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to