Hi ! Can you fill a JIRA for this ?
Thanks a lot ! On Thu, Jun 19, 2008 at 12:53 AM, Valient Gough <[EMAIL PROTECTED]> wrote: > From page: http://mina.apache.org/downloads.html > > mina-1.1.7 and mina-2.0.0-m1 files do not match md5, sha1, or gpg signatures! > > I tested mina-1.1.7.zip , mina-1.1.7.tar.bz2, and > mina-2.0.0-M1.tar.bz2, all of which failed checks. > > for example, > mina-1.1.7.zip > (http://mina.apache.org/dyn/closer.cgi/mina/1.1.7/mina-1.1.7.tar.bz2) > : > expected md5 bd7f6fe7eaf45d2a464a1adc17df4a03 , got > 8d16a06af893468ca2c6e4e0a7ba008d > md5 link: http://www.apache.org/dist/mina/1.1.7/mina-1.1.7.tar.bz2.md5 > mina-1.1.7.tar.gz: expected md5 2f83d9adc5212dd8516290b17f1fb43f , got > bd6006f16e46c421160815ce985f5c3d > > # links taken directly from http://mina.apache.org/downloads.html > $ wget > http://mina.apache.org/dyn/closer.cgi/mina/2.0.0-M1/mina-2.0.0-M1.tar.bz2 > $ wget http://www.apache.org/dist/mina/2.0.0-M1/mina-2.0.0-M1.tar.bz2.asc > $ gpg mina-2.0.0-M1.tar.bz2.asc > gpg: Signature made Tue 19 Feb 2008 09:55:41 AM PST using DSA key ID 92E29412 > gpg: BAD signature from "Mike Heath <[EMAIL PROTECTED]>" > > Until fixed, I'm assuming all files are compromised.. > -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
