[ 
https://issues.apache.org/jira/browse/MNG-6761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16926642#comment-16926642
 ] 

Michael Osipov edited comment on MNG-6761 at 9/10/19 1:45 PM:
--------------------------------------------------------------

[~eolivelli], did you upload your public GPG key?


was (Author: michael-o):
[~eolivelli], did you upload yuor public GPG key?

> 3.6.2 builds are unsigned
> -------------------------
>
>                 Key: MNG-6761
>                 URL: https://issues.apache.org/jira/browse/MNG-6761
>             Project: Maven
>          Issue Type: Bug
>          Components: Bootstrap & Build
>    Affects Versions: 3.6.2
>         Environment: Windows 10
> pkovacs@DESKTOP-S24R6DS MINGW64 ~/Downloads                                   
>                                                                               
>                                                                               
>                                       $ gpg --version                         
>                                                                               
>                                                                               
>                                                                             
> gpg (GnuPG) 2.2.16-unknown
> libgcrypt 1.8.4
> Copyright (C) 2019 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> Home: /c/Users/pkovacs/.gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>         CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>            Reporter: KOVÁCS PÉTER
>            Priority: Major
>
> {code}
> $ gpg --verify --status-fd 1 apache-maven-3.6.2-bin.zip.asc 
> apache-maven-3.6.2-bin.zip                                                    
>                                                                               
>                                                         [GNUPG:] NEWSIG
> gpg: Signature made Tue Aug 27 17:10:11 2019 CEDT
> gpg:                using RSA key BBE7232D7991050B54C8EA0ADC08637CA615D22C
> [GNUPG:] ERRSIG DC08637CA615D22C 1 10 00 1566918611 9 
> BBE7232D7991050B54C8EA0ADC08637CA615D22C
> [GNUPG:] NO_PUBKEY DC08637CA615D22C
> gpg: Can't check signature: No public key
> {code}
>  
>  whereas for 3.6.1
> {code}
> $ gpg --verify --status-fd 1 apache-maven-3.6.1-bin.zip.asc 
> apache-maven-3.6.1-bin.zip                                                    
>                                                                               
>                                                         [GNUPG:] NEWSIG
> gpg: Signature made Thu Apr  4 21:02:59 2019 CEDT
> gpg:                using RSA key AE9E53FC28FF2AB1012273D0BF1518E0160788A2
> [GNUPG:] KEY_CONSIDERED AE9E53FC28FF2AB1012273D0BF1518E0160788A2 0
> [GNUPG:] SIG_ID SPyIoMJ54Xs7p43r2ZmK3Z9ktFY 2019-04-04 1554404579
> [GNUPG:] KEY_CONSIDERED AE9E53FC28FF2AB1012273D0BF1518E0160788A2 0
> [GNUPG:] GOODSIG BF1518E0160788A2 Karl Heinz Marbaise (ASF Key) 
> <khmarba...@apache.org>
> gpg: Good signature from "Karl Heinz Marbaise (ASF Key) 
> <khmarba...@apache.org>" [unknown]
> [GNUPG:] VALIDSIG AE9E53FC28FF2AB1012273D0BF1518E0160788A2 2019-04-04 
> 1554404579 0 4 0 1 10 00 AE9E53FC28FF2AB1012273D0BF1518E0160788A2
> [GNUPG:] KEY_CONSIDERED AE9E53FC28FF2AB1012273D0BF1518E0160788A2 0
> [GNUPG:] TRUST_UNDEFINED 0 pgp
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: AE9E 53FC 28FF 2AB1 0122  73D0 BF15 18E0 1607 88A2
> {code}
> I've tried to download from several site, all downloads have the same issue



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Reply via email to