Herr Mueller i got thru: wget http://www.apache.org/dist/maven/KEYS --2012-10-14 00:14:28-- http://www.apache.org/dist/maven/KEYS Resolving www.apache.org... 140.211.11.131, 192.87.106.229 Connecting to www.apache.org|140.211.11.131|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 131350 (128K) Saving to: `KEYS'
100%[======================================>] 131,350 117K/s in 1.1s 2012-10-14 00:14:30 (117 KB/s) - `KEYS' saved [131350/131350] i got thru by not checking for certificate wget --no-check-certificate https://svn.apache.org/repos/asf/maven/project/KEYS --2012-10-14 00:19:22-- https://svn.apache.org/repos/asf/maven/project/KEYS Resolving svn.apache.org... 140.211.11.4 Connecting to svn.apache.org|140.211.11.4|:443... connected. WARNING: cannot verify svn.apache.org's certificate, issued by `/C=US/O=Thawte, Inc./CN=Thawte SSL CA': Unable to locally verify the issuer's authority. HTTP request sent, awaiting response... 200 OK Length: 131350 (128K) [text/plain] Saving to: `KEYS.1' 100%[======================================>] 131,350 154K/s in 0.8s 2012-10-14 00:19:24 (154 KB/s) - `KEYS.1' saved [131350/131350] try from another wireless site BTW Thawte is a CA approved provider...you should not experience any "not trusted" errors with a Thawte issued cert Martin ______________________________________________ Verzicht und Vertraulichkeitanmerkung Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. > Date: Sat, 13 Oct 2012 14:25:20 +0000 > Subject: KEYS? > From: lbrt...@gmail.com > To: users@maven.apache.org > > I couldn't find anyone complaining about issues while > downloading/verifying KEYS in your FAQ: > ~ > http://maven.apache.org/general.html > ~ > yet the link to the KEY ring used by your developers is not to be found > ~ > $ wget http://www.apache.org/dist/maven/KEYS > --2012-10-13 10:19:32-- http://www.apache.org/dist/maven/KEYS > Resolving www.apache.org (www.apache.org)... 140.211.11.131, > 192.87.106.229, 2001:610:1:80bc:192:87:106:229 > Connecting to www.apache.org (www.apache.org)|140.211.11.131|:80... connected. > HTTP request sent, awaiting response... 404 Not Found > 2012-10-13 10:19:33 ERROR 404: Not Found. > ~ > and things seems not to work if you use the one in your repositories > ~ > $ wget --no-check-certificate https://svn.apache.org/repos/asf/maven/project/KEYS > --2012-10-13 10:20:46-- https://svn.apache.org/repos/asf/maven/project/KEYS > Resolving svn.apache.org (svn.apache.org)... 140.211.11.4 > Connecting to svn.apache.org (svn.apache.org)|140.211.11.4|:443... connected. > WARNING: The certificate of `svn.apache.org' is not trusted. > WARNING: The certificate of `svn.apache.org' hasn't got a known issuer. > HTTP request sent, awaiting response... 200 OK > Length: 131350 (128K) [text/plain] > Saving to: `KEYS' > > 100%[====================================================================================================>] > 131,350 314K/s in 0.4s > > 2012-10-13 10:20:48 (314 KB/s) - `KEYS' saved [131350/131350] > > $ ls -l KEYS > -rw-r--r-- 1 knoppix knoppix 131350 Oct 5 15:01 KEYS > $ wc -l KEYS > 2334 KEYS > $ md5sum KEYS > e1e7483acae6b595207dcd17ab188119 KEYS > $ md5sum -b KEYS > e1e7483acae6b595207dcd17ab188119 *KEYS > ~ > $ gpg --import KEYS > gpg: key C560DD8B: public key "Emmanuel Venisse <eveni...@apache.org>" > imported > gpg: key BB617866: public key "Sarel Jason van Zyl <ja...@maven.org>" imported > gpg: key C9725F3B: public key "Dion Gillard <d...@multitask.com.au>" imported > gpg: key 084C9113: public key "Brett Porter <br...@apache.org>" imported > gpg: key 1824BDC1: public key "Brett Porter (Release Signing Key) > <br...@apache.org>" imported > gpg: key F0E309FF: public key "Vincent Massol <vmas...@apache.org>" imported > gpg: key 5249885E: public key "Lukas Theussl <ltheu...@apache.org>" imported > gpg: key 93CC521B: public key "Arnaud Heritier (aheritier) > <aherit...@apache.org>" imported > gpg: key 699A35EB: public key "Arnaud Heritier (CODE SIGNING KEY) > <aherit...@apache.org>" imported > gpg: key 27CD9F92: public key "Fabrizio Giustina <fgi...@apache.org>" imported > gpg: key F0E309FF: "Vincent Massol <vmas...@apache.org>" not changed > gpg: key AF5EC452: public key "Dennis Lundberg (CODE SIGNING KEY) > <denn...@apache.org>" imported > gpg: key 8FB67BAC: public key "Joakim Erdfelt <joak...@apache.org>" imported > gpg: key 3C062231: public key "Brian E Fox <bri...@apache.org>" imported > gpg: key BB550746: public key "J. Daniel Kulp <d...@kulp.com>" imported > gpg: key E50BC813: public key "Jesse McConnell (CODE SIGNING KEY) > <jmcconn...@apache.org>" imported > gpg: key B3A2D3B1: public key "John Casey (Maven PMC Member) > <j...@maven.org>" imported > gpg: key 9C0EFF85: public key "John D Casey <jdca...@mergere.com>" imported > gpg: key DB596386: public key "Vincent Siveton <vsive...@apache.org>" imported > gpg: key A43C4492: public key "Carlos Sanchez > <carlos.sanc...@mergere.com>" imported > gpg: key C625BAFB: public key "Maria Odea Ching <och...@apache.org>" imported > gpg: key 7BA507E8: public key "Mauro Talevi <ma...@apache.org>" imported > gpg: key 70161C62: public key "Herve Boutemy <hbout...@apache.org>" imported > gpg: key B4372146: public key "Olivier Lamy <ol...@apache.org>" imported > gpg: key 0F353251: public key "Dan Fabulich <dfabul...@apache.org>" imported > gpg: key 064C851C: public key "Raphaël Piéroni <raf...@apache.org>" imported > gpg: key B0874707: public key "Milos Kleint <mkle...@apache.org>" imported > gpg: key 365A46EF: public key "Mark Hobson <ma...@apache.org>" imported > gpg: key 81C4177D: public key "Oleg Gusakov <ogusa...@apache.org>" imported > gpg: key 34A72A7F: public key "John Dennis Casey > <jdca...@commonjava.org>" imported > gpg: key 3571506F: public key "Raphaël Piéroni <raf...@apache.org>" imported > gpg: key 9A25CE21: public key "Barrie Treloar <baerr...@apache.org>" imported > gpg: key 9D7013A9: public key "Dan T. Tran <dant...@apache.org>" imported > gpg: key CC303655: public key "Stephane Nicoll <snic...@apache.org>" imported > gpg: key 39332BA6: public key "Barrie Treloar <baerr...@apache.org>" imported > gpg: key A7FF4A41: public key "Benjamin Bentmann (CODE SIGNING KEY) > <bentm...@apache.org>" imported > gpg: key 7F3ACFC4: public key "Paul Gier (Apache Maven) > <pg...@apache.org>" imported > gpg: key CDA187E9: public key "Nicolas De loof <nico...@apache.org>" imported > gpg: key B620D787: public key "Stephen Connolly <steph...@apache.org>" > imported > gpg: key DDFA199E: public key "John Dennis Casey (Apache Code-Signing > Key) <jdca...@apache.org>" imported > gpg: key 2CF0CC82: public key "Arnaud Héritier (CODE SIGNING KEY) > <aherit...@apache.org>" imported > gpg: key E0747D50: public key "Kristian Rosenvold > <krosenv...@apache.org>" imported > gpg: key 589628E0: public key "Mark Hobson <ma...@apache.org>" imported > gpg: key 6BFC416A: public key "Brian Demers <brian.dem...@gmail.com>" imported > gpg: key DC742C7C: public key "Brian E Fox (CODE SIGNING KEY) > <bri...@apache.org>" imported > gpg: key 9CE964B8: public key "Robert Scholte <rfscho...@codehaus.org>" > imported > gpg: key ED330E1B: public key "Igor Fedorenko <i...@ifedorenko.com>" imported > gpg: key F65C0178: public key "Tony Chemit (CODE SIGNING KEY) > <tche...@apache.org>" imported > gpg: key 98B1CC53: public key "Benson Margulies > <bimargul...@apache.org>" imported > gpg: key 4FB9BA39: public key "Tamás Cservenák <ta...@cservenak.net>" imported > gpg: Total number processed: 50 > gpg: imported: 49 (RSA: 10) > gpg: unchanged: 1 > gpg: no ultimately trusted keys found > > $ gpg --verify apache-maven-3.0.4-src.tar.gz.asc apache-maven-3.0.4-src.tar.gz > gpg: Signature made Tue 17 Jan 2012 08:47:56 AM UTC using DSA key ID B4372146 > gpg: BAD signature from "Olivier Lamy <ol...@apache.org>" > ~ > Any idea of where to fing the actual KEYS/how to verify your sources? > ~ > $ ls -l apache-maven-3.0.4-src.tar.* > -rw-r--r-- 1 knoppix knoppix 30124 Oct 11 05:04 apache-maven-3.0.4-src.tar.gz > -rw-r--r-- 1 knoppix knoppix 195 Sep 5 07:01 > apache-maven-3.0.4-src.tar.gz.asc > -rw-r--r-- 1 knoppix knoppix 32 Sep 5 07:01 > apache-maven-3.0.4-src.tar.gz.md5 > > $ md5sum apache-maven-3.0.4-src.tar.* > 2a566eb38e76715425c1f33d2a4c35f0 apache-maven-3.0.4-src.tar.gz > 540ba35dab4c89d2adf576a8277a651a apache-maven-3.0.4-src.tar.gz.asc > a20ed622fdc6ae8be9da97a42efbec29 apache-maven-3.0.4-src.tar.gz.md5 > ~ > thanks > lbrtchx > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org >
