Re: log4j 2.15.0 signature and sha512 hash

Mon, 13 Dec 2021 19:27:29 -0800 

Thanks for confirming!
--
Matt Sicker

> On Dec 13, 2021, at 20:02, Daniel Savard <daniel.sav...@gmail.com> wrote:
> 
> Le lun. 13 déc. 2021 à 13:35, Daniel Savard <daniel.sav...@gmail.com> a
> écrit :
> 
>> 
>> -----------------
>> Daniel Savard
>> 
>> 
>> Le lun. 13 déc. 2021 à 13:28, Gary Gregory <garydgreg...@gmail.com> a
>> écrit :
>> 
>>> On Mon, Dec 13, 2021 at 1:22 PM Daniel Savard <daniel.sav...@gmail.com>
>>> wrote:
>>> 
>>>> Le lun. 13 déc. 2021 à 12:34, Gary Gregory <garydgreg...@gmail.com> a
>>>> écrit :
>>>> 
>>>>> Works for me:
>>>>> 
>>>>> gpg --verify apache-log4j-2.15.0-bin.tar.gz.asc
>>>>> 
>>>> 
>>>> Here is the content of the asc file:
>>>> 
>>>> -----BEGIN PGP SIGNATURE-----
>>>> 
>>>> iQIzBAABCgAdFiEEU8k1ghqmp1W9M321NZU5XrPY4boFAmGySd0ACgkQNZU5XrPY
>>>> 4bqQtQ/+KXQi3+6LZ13HyEefNsnBm84krCXK/nAIlRnerbV+Wj1g0xU7cC8l3m+n
>>>> UHw2/BIIurGnOKU4bvGUOc5UYDTED4LPadkvXYW0NMvBGla0fvR1lyEMypS2E2nz
>>>> 0g3sqHC0T4ZEGEIO7jmUVQJEpPya33VlztfnoNQPcqv6PCOilIVK1EmoewEBvnsd
>>>> SVAJPhJtD43mUPLsIMIc4k7IM56FssN+2+46mba6YH39C4Z4NheGBUK9UXWYKQd3
>>>> 3DKHoIoLb2hKXLdxHHz5u4dbkYPiHyGR4iX0wjq7W4eUX/4v+czsjrs8vQ5Gvhba
>>>> slg6RfUeu+fkMJfQUgRLT2HRSIKsuUd2QMppxW1GKRnfpx0yzAUWMfFfPcxuEa/u
>>>> em4YCsz1/a0AtfgtI6+Lne0yWsxORVVutquVOyF0ddjySQccPNYaOyOjx6jASM2A
>>>> LxkdCko0+2rSuIWcLMpWaoeRedao4L6O3azdU0IcN7/BVyXczM2t5cYB4QDdXvSc
>>>> UKJ6q6dQLngIwYqo6Q/d1XeKatWuhSPz0+mAoGAWvllvzWKb1/YbC/jZk/vxVqzR
>>>> K/mHB24pPWfcWiQNfbHrOVVUzv783u1RkEqDCGbBNBUr+ud1Fvte0i1x6WIhGXS7
>>>> qb5OTuljDicQ1L2mAKgvzl4XnOUsFmuBagZHYk58n19ZlxfBlyw=
>>>> =gA3i
>>>> 
>>>> -----END PGP SIGNATURE-----
>>>> 
>>>> This results in a bad signature.
>>>> 
>>> 
>>> What happens when you run:
>>> 
>>> gpg --verify apache-log4j-2.15.0-bin.tar.gz.asc
>>> 
>>> ?
>>> 
>> 
>> $ gpg --verify apache-log4j-2.15.0-bin.tar.gz.asc
>> gpg: keyserver option 'honor-http-proxy' is unknown
>> gpg: les données signées sont supposées être dans «
>> apache-log4j-2.15.0-bin.tar.gz »
>> gpg: Signature faite le jeu 09 déc 2021 13:24:29 EST
>> gpg:                avec la clef RSA
>> 53C935821AA6A755BD337DB53595395EB3D8E1BA
>> gpg: MAUVAISE signature de « Ralph Goers (CODE SIGNING KEY) <
>> rgo...@apache.org> » [inconnu]
>> 
>> MAUVAISE=BAD
>> 
>> 
>>> Gary
>>> 
>> 
>> 
> apache-log4j-2.16.0 is out and this time signature and hash validation work
> perfectly.
> 
> -----------------
> Daniel Savard


---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscr...@logging.apache.org
For additional commands, e-mail: log4j-user-h...@logging.apache.org

Reply via email to