The message below was posted on the Maven Users list. I confirmed that the checksum from [1] doesn't match, and then tried to verify the gpg signature:
imbrium:Downloads wsmoak$ gpg -v xbean-finder-shaded-3.6.jar.asc gpg: armor header: Version: GnuPG v1.4.7 (Darwin) gpg: assuming signed data in `xbean-finder-shaded-3.6.jar' gpg: Signature made Fri Sep 11 14:26:53 2009 MST using DSA key ID 56F3E01B gpg: Can't check signature: public key not found I have imported http://www.apache.org/dist/geronimo/KEYS and I also searched http://pgp.mit.edu/ without finding it. Can the owner of 56F3E01B / release manager for 3.6 please update the KEYS file, or let me know where to find it? [1] http://repo2.maven.org/maven2/org/apache/xbean/xbean-finder-shaded/3.6/ Thanks, -- Wendy ---------- Forwarded message ---------- From: Markku Saarela <[email protected]> Date: Wed, Jan 27, 2010 at 7:16 AM Subject: Maven central has corrupted artifact org.apache.xbean:xbean-finder-shaded:jar:3.6 To: Maven Users List <[email protected]> Hi, org.apache.xbean:xbean-finder-shaded:jar:3.6 artifact MD5 checksum does not match, so our Artifactory reject it's download. So where can i get original jar file? rgds, Markku --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
