Alex Athanasopoulos created FREEMARKER-98:
---------------------------------------------
Summary: bad sha512 and asc signatures for 2.3.28 tar files
Key: FREEMARKER-98
URL: https://issues.apache.org/jira/browse/FREEMARKER-98
Project: Apache Freemarker
Issue Type: Bug
Components: site
Affects Versions: 2.3.28
Reporter: Alex Athanasopoulos
The signatures for the 2.3.28 release tars don't seem to match the files.
I downloaded apache-freemarker-2.3.28-bin.tar.gz from
[https://freemarker.apache.org/freemarkerdownload.html] and also the .sha512
and .asc files.
I ran "sha512sum apache-freemarker-2.3.28-bin.tar.gz" and got:
a77becbfe29785eca4ce5b51786ab783ef686f4159546fa88ce13b0592befe43db98c8a6d4e8e113f35a0b6515ca85e4ea9962df57b76a3ca172989557d9b20c
apache-freemarker-2.3.28-bin.tar.gz
which is different from apache-freemarker-2.3.28-bin.tar.gz.sha512:
534cb51b781e83b2109f43a9186a030a1c3d6c5c13117bd5a6168b10c9a3cbd010e6ce806fdc6fce66e4b8a59d8a752f0552758ec769795e2bd3b66c09c0442a
I then tried the .asc and it also failed:
gpg --verify apache-freemarker-2.3.28-bin.tar.gz.asc
gpg: assuming signed data in 'apache-freemarker-2.3.28-bin.tar.gz'
gpg: Signature made Sat 31 Μαρ 2018 12:11:30 am EEST
gpg: using RSA key 1939A2520BAB1D90
gpg: BAD signature from "Daniel Dekany <[email protected]>" [unknown]
Similarly for the src tar.
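The checksum comparison described in the report can be scripted so that the layout of the .sha512 file does not matter. This is an added example, not part of the issue or of the FreeMarker project; the function names, the sample file name and the three checksum-file layouts (bare digest, "digest  name", and "name: HEX HEX ..." wrapped over lines) are assumptions, and it expects sha512sum or shasum on the PATH.

```shell
#!/bin/sh
# Added example: compare a file's SHA-512 with the digest published in a .sha512 file.
sha512_of() {   # print the lowercase hex SHA-512 of file $1
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# Print the digest stored in checksum file $2 for artifact $1.
# Accepts a bare digest, "digest  name", and "name: HEX HEX ..." wrapped over lines.
published_sha512() {
    NAME=$(basename "$1" | tr 'A-Z' 'a-z') awk '
        { line = tolower($0); name = ENVIRON["NAME"]
          # Drop the file name first: it contains hex-looking characters.
          while ((i = index(line, name)) > 0)
              line = substr(line, 1, i - 1) substr(line, i + length(name))
          printf "%s", line }' "$2" | tr -cd '0-9a-f'
}

# Return 0 on match, 1 on mismatch, 2 if the checksum file holds no SHA-512 digest.
verify_sha512() {
    expected=$(published_sha512 "$1" "$2")
    actual=$(sha512_of "$1")
    if [ "${#expected}" -ne 128 ]; then
        echo "unusable checksum file: $2" >&2; return 2
    fi
    if [ "$expected" = "$actual" ]; then
        echo "OK: $1"; return 0
    fi
    printf 'MISMATCH: %s\n  published: %s\n  computed:  %s\n' "$1" "$expected" "$actual" >&2
    return 1
}

# Constructed sample data: a stand-in artifact plus checksum files in several layouts.
make_fixtures() {
    d=$1; f="$d/example-1.0-bin.tar.gz"
    printf 'constructed sample payload\n' > "$f"
    h=$(sha512_of "$f")
    printf '%s\n' "$h" > "$d/bare.sha512"
    printf '%s  %s\n' "$h" "example-1.0-bin.tar.gz" > "$d/coreutils.sha512"
    printf 'example-1.0-bin.tar.gz: %s\n' "$(printf '%s' "$h" | tr 'a-f' 'A-F' | fold -w 8 | tr '\n' ' ' | fold -w 54)" > "$d/gpg.sha512"
    printf '%s\n' "$h" | tr '0-9a-f' '1-9a-f0' > "$d/wrong.sha512"   # every hex digit shifted
    printf 'not a digest\n' > "$d/junk.sha512"
}

if [ "$#" -eq 2 ]; then verify_sha512 "$1" "$2"; fi
```

Saved as a script, it takes the artifact and its checksum file as two arguments. A match only shows the download agrees with the published digest; the .asc signature still has to be checked separately with gpg --verify.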