Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
None
-
None
-
None
Description
I just downloaded Flume 1.5.2 and when running the gpg command to verify the tarball I'm getting a bad signature.
$ gpg --verify apache-flume-1.5.0-bin.tar.gz.asc gpg: assuming signed data in 'apache-flume-1.5.0-bin.tar.gz' gpg: Signature made Wed May 7 15:53:05 2014 MDT using RSA key ID 77FFC9AB gpg: Good signature from "Hari Shreedharan <hshreedharan@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 761A 881F 8FD1 37CE F1F4 A3EE B724 4AD9 77FF C9AB $ gpg --verify apache-flume-1.5.2-bin.tar.gz.asc gpg: assuming signed data in 'apache-flume-1.5.2-bin.tar.gz' gpg: Signature made Wed Nov 12 13:53:47 2014 MST using RSA key ID 77FFC9AB gpg: BAD signature from "Hari Shreedharan <hshreedharan@apache.org>" [unknown]
I double checked the MD5 and SHA1 checksum of the file I downloaded and what is on the files and it doesn't match either.
I downloaded 1.5.0 and every is good so you seem to have a problem with the 1.5.2 tarballs.
Can you please have a look?
thank you!
Attachments
Issue Links
- links to