[
https://issues.apache.org/jira/browse/LOG4J2-3314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477401#comment-17477401
]
Matt Sicker commented on LOG4J2-3314:
-------------------------------------
I'm not able to reproduce this problem.
{{$ curl -O
[https://dlcdn.apache.org/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.tar.gz]}}
{{$ curl -O
[https://downloads.apache.org/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.tar.gz.asc]}}
{{$ gpg --verify apache-log4j-2.17.1-bin.tar.gz.asc
gpg: assuming signed data in 'apache-log4j-2.17.1-bin.tar.gz'
gpg: Signature made Mon Dec 27 17:29:29 2021 CST
gpg: using RSA key 9D0A56AAA0D60E0C0C7DCCC0B4C70893B62BABE8
gpg: issuer "[email protected]"
gpg: Good signature from "Matt Sicker (Apache Software Foundation)
<[email protected]>" [ultimate]
gpg: aka "Matthew Sicker (Signing Key) <[email protected]>"
[ultimate]
Primary key fingerprint: 748F 15B2 CF9B A8F0 2415 5E6E D7C9 2B70 FA1C 814D
Subkey fingerprint: 9D0A 56AA A0D6 0E0C 0C7D CCC0 B4C7 0893 B62B ABE8}}
> checksum and signature checks fail for 2.17.1 bin zip and tgz
> -------------------------------------------------------------
>
> Key: LOG4J2-3314
> URL: https://issues.apache.org/jira/browse/LOG4J2-3314
> Project: Log4j 2
> Issue Type: Bug
> Affects Versions: 2.17.1
> Reporter: Adam Dalhed
> Priority: Major
>
> The linked binary downloads on
> [https://logging.apache.org/log4j/2.x/download.html] fail the signature and
> sha512 checksums. I didn't check the src downloads. I had to download the
> binaries from the [main distribution
> directory|https://www.apache.org/dist/logging/] to pass the checks.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
