ah, you’re right. I used curl to download, and since older released worked (no proxy)… Everything’s good :)
-jan > Am 10.01.2017 um 16:06 schrieb Francis De Brabandere <[email protected]>: > > sure you did not right click and save the proxy selection page? > > On 10 January 2017 at 16:05, Francis De Brabandere <[email protected]> > wrote: > >> Hmm, >> >> 2.4.4 dist works for me >> >> gpg --keyserver pgpkeys.mit.edu --recv-key AE64E518 >> >> gpg --verify apache-empire-db-2.4.4-dist.tar.gz.asc >> gpg: assuming signed data in 'apache-empire-db-2.4.4-dist.tar.gz' >> gpg: Signature made Tue Aug 11 12:18:34 2015 CEST using DSA key ID AE64E518 >> gpg: Good signature from "Francis De Brabandere <[email protected]>" >> [ultimate] >> >> ➜ md5 apache-empire-db-2.4.4-dist.tar.gz >> MD5 (apache-empire-db-2.4.4-dist.tar.gz) = 2a461179e34afe0b2acaf9e42503e3 >> 3f >> ➜ cat apache-empire-db-2.4.4-dist.tar.gz.md5 >> 2a461179e34afe0b2acaf9e42503e33f ./target/apache-empire-db-2. >> 4.4-dist.tar.gz >> ➜ openssl sha1 apache-empire-db-2.4.4-dist.tar.gz >> SHA1(apache-empire-db-2.4.4-dist.tar.gz)= fe9fd8d45332a7e4db0f4d444e0941 >> d182c31116 >> ➜ cat apache-empire-db-2.4.4-dist.tar.gz.sha >> fe9fd8d45332a7e4db0f4d444e0941d182c31116 ./target/apache-empire-db-2. >> 4.4-dist.tar.gz >> >> both sha and md5 match here for tar.gz >> >> same for zip >> >> ➜ cat apache-empire-db-2.4.4-dist.zip.sha >> b46a4ea4feed1c2686c2ba2b6b0bf8c89ac21acf ./target/apache-empire-db-2. >> 4.4-dist.zip >> ➜ openssl sha1 apache-empire-db-2.4.4-dist.zip >> SHA1(apache-empire-db-2.4.4-dist.zip)= b46a4ea4feed1c2686c2ba2b6b0bf8 >> c89ac21acf >> >> >> >> >> On 10 January 2017 at 15:52, <[email protected]> wrote: >> >>> thx, I can verify 2.4.6rc2 now. >>> >>> but 2.4.4 from website is still broken: >>> >>> [jan ~/tmp] gpg --verify apache-empire-db-2.4.4-dist.zip.asc >>> gpg: Warning: using insecure memory! >>> gpg: assuming signed data in 'apache-empire-db-2.4.4-dist.zip' >>> gpg: Signature made Tue Aug 11 12:18:34 2015 CEST >>> gpg: using DSA key 593A1304AE64E518 >>> gpg: BAD signature from "Francis De Brabandere <[email protected]>" >>> [unknown] >>> >>> md5 & sha are also bad: >>> >>> b735ed3a4f477d8f1a03c6de22c7b361 ./target/apache-empire-db-2.4. >>> 4-dist.zip >>> >>> [jan ~/tmp] md5 apache-empire-db-2.4.4-dist.zip >>> MD5 (apache-empire-db-2.4.4-dist.zip) = 2ea5495d519307a7987fd08182c688ed >>> >>> b46a4ea4feed1c2686c2ba2b6b0bf8c89ac21acf ./target/apache-empire-db-2.4. >>> 4-dist.zip >>> >>> [jan ~/tmp] sha1 apache-empire-db-2.4.4-dist.zip >>> SHA1 (apache-empire-db-2.4.4-dist.zip) = 96f788b9dc564e607052903eb6e091 >>> f041ade075 >>> >>> are we sure nobody touched it...? >>> >>> - jan >>> >>> Zitat von Francis De Brabandere <[email protected]>: >>> >>> >>> @Jan, you can import the signature from the mit keyserver >>>> gpg --keyserver pgpkeys.mit.edu --recv-key 0B5DFB51 >>>> >>>> @Rainer the KEYS file is still not updated >>>> https://dist.apache.org/repos/dist/release/empire-db/KEYS >>>> >>>> Cheers, >>>> F >>>> >>>> >>>> >>>> On 10 January 2017 at 08:39, Jan Glaubitz <[email protected]> wrote: >>>> >>>> Hello Rainer, >>>>> >>>>> SHA works now (but: maybe we should use at least SHA256?) >>>>> >>>>> I'm still unable to verify the PGP signature. >>>>> >>>>> - jan >>>>> >>>>> Von meinem iPhone gesendet >>>>> >>>>>> Am 10.01.2017 um 08:18 schrieb Rainer Döbele <[email protected]>: >>>>>> >>>>>> Hi Jan, >>>>>> >>>>>> you are absolutely right: instead of the sha hash the file contained >>>>> the >>>>> md5 hash. >>>>>> I have corrected it now. >>>>>> Please check again. >>>>>> >>>>>> Regards >>>>>> Rainer >>>>>> >>>>>>> From: [email protected] [mailto:[email protected]] >>>>>>> To: [email protected] >>>>>>> Subject: Re: [VOTE] Release Apache Empire-db 2.4.6 (rc2) >>>>>>> >>>>>>> Hello Rainer, >>>>>>> >>>>>>> how did you create the sha sum? I cant validate its correct: >>>>>>> >>>>>>> [jan ~/tmp] sha1 apache-empire-db-2.4.6-dist.zip >>>>>>> SHA1 (apache-empire-db-2.4.6-dist.zip) = >>>>>>> 9d0f4e28334561e15458671b7b093b7b3cc5f9cb >>>>>>> >>>>>>> yours look a little bit short...? >>>>>>> >>>>>>> >>>>>>> Which key did you use to create the PGP signature? I can't verify >>>>> with >>>>> they >>>>>>> KEYS file from the website: >>>>>>> >>>>>>> [jan ~/tmp] gpg --verify apache-empire-db-2.4.6-dist.zip.asc >>>>>>> gpg: Warning: using insecure memory! >>>>>>> gpg: assuming signed data in 'apache-empire-db-2.4.6-dist.zip' >>>>>>> gpg: Signature made Mon Jan 9 11:46:48 2017 CET >>>>>>> gpg: using RSA key 0279D7D50B5DFB51 >>>>>>> gpg: Can't check signature: No public key >>>>>>> >>>>>>> - jan >>>>>>> >>>>>>> Zitat von Rainer Döbele <[email protected]>: >>>>>>> >>>>>>>> Hi all, >>>>>>>> >>>>>>>> Due to an incorrect distribution file I have cancelled rc1 and >>>>>>>> prepared a second release candidate for version 2.4.6. >>>>>>>> Please do all check and vote again on this release candidate. >>>>>>>> >>>>>>>> A list of all resolved issues for this release can be found here: >>>>>>>> https://issues.apache.org/jira/browse/EMPIREDB- >>>>>>> 250?jql=project%20%3D%2 >>>>>>>> 0EMPIREDB%20AND%20fixVersion%20in%20(empire-db- >>>>>>> 2.4.6%2C%20empire-db-2. >>>>>>>> >>>>>>> 4.5)%20ORDER%20BY%20due%20ASC%2C%20priority%20DESC%2C%20create >>>>>>> d%20ASC >>>>>>>> >>>>>>>> Maven staging repository: >>>>>>>> https://repository.apache.org/content/repositories/orgapache >>>>> empire-db- >>>>>>>> 1004/ >>>>>>>> >>>>>>>> The distribution files are located here: >>>>>>>> https://dist.apache.org/repos/dist/dev/empire-db/apache-empi >>>>> re-db-2.4. >>>>>>>> 6-rc2/ >>>>>>>> >>>>>>>> The Rat report for the tag is available here: >>>>>>>> https://dist.apache.org/repos/dist/dev/empire-db/apache-empi >>>>> re-db-2.4. >>>>>>>> 6-rc2/rat.txt >>>>>>>> >>>>>>>> Vote open for 72 hours. >>>>>>>> >>>>>>>> [ ] +1 >>>>>>>> [ ] +0 >>>>>>>> [ ] -1 >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>>>> >>> >>> >>> >>
