Hi Yegor, I'm not seeing a valid signature on the tar.gz files. The zips are fine. It looks like you did all of the signing on the tar files and not the tar.gz files.
$ gpg --verify poi-bin-3.8-beta4-20110826.tar.gz.asc gpg: Signature made Tue Aug 23 11:26:14 2011 PDT using DSA key ID F5BB52CD gpg: BAD signature from "Yegor Kozlov <yegor.koz...@gmail.com>" $ gpg --verify poi-bin-3.8-beta4-20110826.zip.asc gpg: Signature made Tue Aug 23 11:26:16 2011 PDT using DSA key ID F5BB52CD gpg: Good signature from "Yegor Kozlov <yegor.koz...@gmail.com>" gpg: aka "Yegor Kozlov <ye...@dinom.ru>" gpg: aka "Yegor Kozlov <ye...@apache.org>" It looks like you signed poi-bin-3.8-beta4-20110826.tar and not poi-bin-3.8-beta4-20110826.tar.gz The sha1 hash matches that of the tar and no the tar.gz $ more poi-bin-3.8-beta4-20110826.tar.gz.sha1 44eb9badbe80b99768b8d821d74b106dc8c5a2c0 *poi-bin-3.8-beta4-20110826.tar.gz $ openssl sha1 poi-bin-3.8-beta4-20110826.tar SHA1(poi-bin-3.8-beta4-20110826.tar)= 44eb9badbe80b99768b8d821d74b106dc8c5a2c0 Rename the tar.gz.asc to tar.asc and the signature checks. $ gpg --verify poi-src-3.8-beta4-20110826.tar.asc gpg: Signature made Tue Aug 23 11:26:27 2011 PDT using DSA key ID F5BB52CD gpg: Good signature from "Yegor Kozlov <yegor.koz...@gmail.com>" gpg: aka "Yegor Kozlov <ye...@dinom.ru>" gpg: aka "Yegor Kozlov <ye...@apache.org>" I am using this GPG: http://www.gpgtools.org/installer/index.html And this reference for SHA1 hash - http://support.apple.com/kb/ht1652 Regards, Dave On Aug 23, 2011, at 12:04 PM, Yegor Kozlov wrote: > Hi All, > > Please test-drive the release candidate for POI 3.8 beta4 (take 2). > Compared to the first version, two release blockers have been found and fixed: > > (1) https://issues.apache.org/bugzilla/show_bug.cgi?id=51686 > (2) Our collection of test files included a document that we are not > allowed to distribute. The doc in question has been removed. > > The release candidate files are available from: > > https://dist.apache.org/repos/dist/dev/poi/ > > (The jars and poms to feed into the maven repo are in /maven/ > directory, they will be pushed using mvn-deploy.sh) > > As with all Apache release votes, please check that not only does the > code work, and no major breakages have occurred since the last > release, but also that packaging is correct, license headers and > notices exist etc. > > The vote options are: > > +1 - I support this release > 0 - I don't object to this release, but I haven't checked it > -1 - There's a problem with the release, and that is .... > > I'm voting [+1]. Vote open for 72 hours and ends on Friday, 26th August. > > Yegor > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > For additional commands, e-mail: dev-h...@poi.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
