Hmm, 2.4.4 dist works for me
gpg --keyserver pgpkeys.mit.edu --recv-key AE64E518 gpg --verify apache-empire-db-2.4.4-dist.tar.gz.asc gpg: assuming signed data in 'apache-empire-db-2.4.4-dist.tar.gz' gpg: Signature made Tue Aug 11 12:18:34 2015 CEST using DSA key ID AE64E518 gpg: Good signature from "Francis De Brabandere <[email protected]>" [ultimate] ➜ md5 apache-empire-db-2.4.4-dist.tar.gz MD5 (apache-empire-db-2.4.4-dist.tar.gz) = 2a461179e34afe0b2acaf9e42503e33f ➜ cat apache-empire-db-2.4.4-dist.tar.gz.md5 2a461179e34afe0b2acaf9e42503e33f ./target/apache-empire-db-2.4.4-dist.tar.gz ➜ openssl sha1 apache-empire-db-2.4.4-dist.tar.gz SHA1(apache-empire-db-2.4.4-dist.tar.gz)= fe9fd8d45332a7e4db0f4d444e0941d182c31116 ➜ cat apache-empire-db-2.4.4-dist.tar.gz.sha fe9fd8d45332a7e4db0f4d444e0941d182c31116 ./target/apache-empire-db-2.4.4-dist.tar.gz both sha and md5 match here for tar.gz same for zip ➜ cat apache-empire-db-2.4.4-dist.zip.sha b46a4ea4feed1c2686c2ba2b6b0bf8c89ac21acf ./target/apache-empire-db-2.4.4-dist.zip ➜ openssl sha1 apache-empire-db-2.4.4-dist.zip SHA1(apache-empire-db-2.4.4-dist.zip)= b46a4ea4feed1c2686c2ba2b6b0bf8c89ac21acf On 10 January 2017 at 15:52, <[email protected]> wrote: > thx, I can verify 2.4.6rc2 now. > > but 2.4.4 from website is still broken: > > [jan ~/tmp] gpg --verify apache-empire-db-2.4.4-dist.zip.asc > gpg: Warning: using insecure memory! > gpg: assuming signed data in 'apache-empire-db-2.4.4-dist.zip' > gpg: Signature made Tue Aug 11 12:18:34 2015 CEST > gpg: using DSA key 593A1304AE64E518 > gpg: BAD signature from "Francis De Brabandere <[email protected]>" > [unknown] > > md5 & sha are also bad: > > b735ed3a4f477d8f1a03c6de22c7b361 ./target/apache-empire-db-2.4.4-dist.zip > > [jan ~/tmp] md5 apache-empire-db-2.4.4-dist.zip > MD5 (apache-empire-db-2.4.4-dist.zip) = 2ea5495d519307a7987fd08182c688ed > > b46a4ea4feed1c2686c2ba2b6b0bf8c89ac21acf ./target/apache-empire-db-2.4. > 4-dist.zip > > [jan ~/tmp] sha1 apache-empire-db-2.4.4-dist.zip > SHA1 (apache-empire-db-2.4.4-dist.zip) = 96f788b9dc564e607052903eb6e091 > f041ade075 > > are we sure nobody touched it...? > > - jan > > Zitat von Francis De Brabandere <[email protected]>: > > > @Jan, you can import the signature from the mit keyserver >> gpg --keyserver pgpkeys.mit.edu --recv-key 0B5DFB51 >> >> @Rainer the KEYS file is still not updated >> https://dist.apache.org/repos/dist/release/empire-db/KEYS >> >> Cheers, >> F >> >> >> >> On 10 January 2017 at 08:39, Jan Glaubitz <[email protected]> wrote: >> >> Hello Rainer, >>> >>> SHA works now (but: maybe we should use at least SHA256?) >>> >>> I'm still unable to verify the PGP signature. >>> >>> - jan >>> >>> Von meinem iPhone gesendet >>> >>> > Am 10.01.2017 um 08:18 schrieb Rainer Döbele <[email protected]>: >>> > >>> > Hi Jan, >>> > >>> > you are absolutely right: instead of the sha hash the file contained >>> the >>> md5 hash. >>> > I have corrected it now. >>> > Please check again. >>> > >>> > Regards >>> > Rainer >>> > >>> >> From: [email protected] [mailto:[email protected]] >>> >> To: [email protected] >>> >> Subject: Re: [VOTE] Release Apache Empire-db 2.4.6 (rc2) >>> >> >>> >> Hello Rainer, >>> >> >>> >> how did you create the sha sum? I cant validate its correct: >>> >> >>> >> [jan ~/tmp] sha1 apache-empire-db-2.4.6-dist.zip >>> >> SHA1 (apache-empire-db-2.4.6-dist.zip) = >>> >> 9d0f4e28334561e15458671b7b093b7b3cc5f9cb >>> >> >>> >> yours look a little bit short...? >>> >> >>> >> >>> >> Which key did you use to create the PGP signature? I can't verify with >>> they >>> >> KEYS file from the website: >>> >> >>> >> [jan ~/tmp] gpg --verify apache-empire-db-2.4.6-dist.zip.asc >>> >> gpg: Warning: using insecure memory! >>> >> gpg: assuming signed data in 'apache-empire-db-2.4.6-dist.zip' >>> >> gpg: Signature made Mon Jan 9 11:46:48 2017 CET >>> >> gpg: using RSA key 0279D7D50B5DFB51 >>> >> gpg: Can't check signature: No public key >>> >> >>> >> - jan >>> >> >>> >> Zitat von Rainer Döbele <[email protected]>: >>> >> >>> >>> Hi all, >>> >>> >>> >>> Due to an incorrect distribution file I have cancelled rc1 and >>> >>> prepared a second release candidate for version 2.4.6. >>> >>> Please do all check and vote again on this release candidate. >>> >>> >>> >>> A list of all resolved issues for this release can be found here: >>> >>> https://issues.apache.org/jira/browse/EMPIREDB- >>> >> 250?jql=project%20%3D%2 >>> >>> 0EMPIREDB%20AND%20fixVersion%20in%20(empire-db- >>> >> 2.4.6%2C%20empire-db-2. >>> >>> >>> >> 4.5)%20ORDER%20BY%20due%20ASC%2C%20priority%20DESC%2C%20create >>> >> d%20ASC >>> >>> >>> >>> Maven staging repository: >>> >>> https://repository.apache.org/content/repositories/orgapache >>> empire-db- >>> >>> 1004/ >>> >>> >>> >>> The distribution files are located here: >>> >>> https://dist.apache.org/repos/dist/dev/empire-db/apache-empi >>> re-db-2.4. >>> >>> 6-rc2/ >>> >>> >>> >>> The Rat report for the tag is available here: >>> >>> https://dist.apache.org/repos/dist/dev/empire-db/apache-empi >>> re-db-2.4. >>> >>> 6-rc2/rat.txt >>> >>> >>> >>> Vote open for 72 hours. >>> >>> >>> >>> [ ] +1 >>> >>> [ ] +0 >>> >>> [ ] -1 >>> >> >>> >> >>> > >>> >>> >>> > > >
