Hi,
Do you remember which mirror you downloaded the tar.gz from?
Can you try downloading from the archive site?
http://www.us.apache.org/dist/maven/binaries/

2012/6/26 Jay Scott <[email protected]>:
> I just downloaded apache-maven-3.0.4-bin.tar.gz (and its checksum and
> signature) and can't verify the signature. I grabbed KEYS from
> http://www.apache.org/dist/maven/KEYS and:
>
> $ gpg --import KEYS
> ...
> gpg: Total number processed: 42
> gpg: imported: 41 (RSA: 4)
> gpg: unchanged: 1
> gpg: no ultimately trusted keys found
> $ gpg --verify apache-maven-3.0.4-bin.tar.gz.asc
> apache-maven-3.0.4-bin.tar.gz
> gpg: Signature made Tue 17 Jan 2012 03:47:55 AM EST using DSA key ID
> B4372146
> gpg: BAD signature from "Olivier Lamy <[email protected]>"
>
> The md5 checksum also doesn't match. I get
>
> $ md5sum apache-maven-3.0.4-bin.tar.gz
> bc6559d120933c27534200d7dc9e0d39 apache-maven-3.0.4-bin.tar.gz
>
> and the download page says e513740978238cb9e4d482103751f6b7
>
> Obviously I'm not using this tarball until I know what's up! Whose mistake
> and/or compromise?
>
> Jay Scott
> http://satirist.org/

--
Olivier Lamy
Talend: http://coders.talend.com
http://twitter.com/olamy | http://linkedin.com/in/olamy
