MINA 1.1.7 MD5 and SHA1 hashes do not match downloads

Valient Gough Wed, 18 Jun 2008 16:14:26 -0700

>From page: http://mina.apache.org/downloads.html


mina-1.1.7 and mina-2.0.0-m1 files do not match md5, sha1, or gpg signatures!

I tested mina-1.1.7.zip , mina-1.1.7.tar.bz2, and
mina-2.0.0-M1.tar.bz2, all of which failed checks.

for example,
mina-1.1.7.zip 
(http://mina.apache.org/dyn/closer.cgi/mina/1.1.7/mina-1.1.7.tar.bz2)
:
    expected md5 bd7f6fe7eaf45d2a464a1adc17df4a03 , got
8d16a06af893468ca2c6e4e0a7ba008d
    md5 link: http://www.apache.org/dist/mina/1.1.7/mina-1.1.7.tar.bz2.md5
mina-1.1.7.tar.gz: expected md5 2f83d9adc5212dd8516290b17f1fb43f , got
bd6006f16e46c421160815ce985f5c3d

# links taken directly from http://mina.apache.org/downloads.html
$ wget http://mina.apache.org/dyn/closer.cgi/mina/2.0.0-M1/mina-2.0.0-M1.tar.bz2
$ wget http://www.apache.org/dist/mina/2.0.0-M1/mina-2.0.0-M1.tar.bz2.asc
$ gpg mina-2.0.0-M1.tar.bz2.asc
gpg: Signature made Tue 19 Feb 2008 09:55:41 AM PST using DSA key ID 92E29412
gpg: BAD signature from "Mike Heath <[EMAIL PROTECTED]>"

Until fixed, I'm assuming all files are compromised..

MINA 1.1.7 MD5 and SHA1 hashes do not match downloads

Reply via email to