Hey, I got that email last night from the henkp bot that checks sigs, after fixing up the KEYS file on people.a.o, I tried to check the signatures as a last minute sanity check and noticed that it seems like the jars that are deployed are different from the jars sitting on my machine from when I ran the release... For instance -
(on people.a.o) $ shasum struts-annotations-1.0.5*.jar 40e6914b9ed3988ae38d141099b8a10af7992d8f struts-annotations-1.0.5-javadoc.jar e9dbf458c0f445d68b71789388a8ca6df426efcb struts-annotations-1.0.5-sources.jar 373013015e18b6cb6ae488c6755f7824f737c958 struts-annotations-1.0.5.jar (on my machine) $ shasum struts-annotations-1.0.5*jar a0a67a32990325d06b057c59aef1e974b2669b64 struts-annotations-1.0.5.jar dfa90f19763e9fa159377f0a105366735954e3f6 struts-annotations-1.0.5-javadoc.jar a8f2cd8275c50040f5c7d85657fcc877e54a6f66 struts-annotations-1.0.5-sources.jar So, of course, the detached sigs are failing as well... I kind of figure that it's related to the recent disk failure / restore from backup, but I'm not sure whether I should just SCP the copies out there or notify infra. Suggestions? -Wes -- Wes Wannemacher Head Engineer, WanTii, Inc. Need Training? Struts, Spring, Maven, Tomcat... Ask me for a quote! --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
