Pedro Salgado created FLUME-2687:
------------------------------------
Summary: apache flume 1.5.2 signature MD5 and SHA1 checksums
Key: FLUME-2687
URL: https://issues.apache.org/jira/browse/FLUME-2687
Project: Flume
Issue Type: Bug
Reporter: Pedro Salgado
Priority: Critical
I just downloaded Flume 1.5.2 and when running the gpg command to verify the
tarball I'm getting a bad signature.
{noformat}
$ gpg --verify apache-flume-1.5.0-bin.tar.gz.asc
gpg: assuming signed data in 'apache-flume-1.5.0-bin.tar.gz'
gpg: Signature made Wed May 7 15:53:05 2014 MDT using RSA key ID 77FFC9AB
gpg: Good signature from "Hari Shreedharan <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 761A 881F 8FD1 37CE F1F4 A3EE B724 4AD9 77FF C9AB
$ gpg --verify apache-flume-1.5.2-bin.tar.gz.asc
gpg: assuming signed data in 'apache-flume-1.5.2-bin.tar.gz'
gpg: Signature made Wed Nov 12 13:53:47 2014 MST using RSA key ID 77FFC9AB
gpg: BAD signature from "Hari Shreedharan <[email protected]>" [unknown]
{noformat}
I double checked the MD5 and SHA1 checksum of the file I downloaded and what is
on the files and it doesn't match either.
I downloaded 1.5.0 and every is good so you seem to have a problem with the
1.5.2 tarballs.
Can you please have a look?
thank you!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
