Uploaded image for project: 'Apache Freemarker'
  1. Apache Freemarker
  2. FREEMARKER-98

bad sh1512 and asc signatures for 2.3.28 tar files

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 2.3.28
    • Fix Version/s: 2.3.28
    • Component/s: site
    • Labels:
      None

      Description

      The signatures for the 2.3.28 release tars don't seem to match the files.

      I downloaded apache-freemarker-2.3.28-bin.tar.gz from https://freemarker.apache.org/freemarkerdownload.html and also the .sha512 and .asc files.

      I run "sha512sum apache-freemarker-2.3.28-bin.tar.gz" and got:

      a77becbfe29785eca4ce5b51786ab783ef686f4159546fa88ce13b0592befe43db98c8a6d4e8e113f35a0b6515ca85e4ea9962df57b76a3ca172989557d9b20c  apache-freemarker-2.3.28-bin.tar.gz

      which is different from apache-freemarker-2.3.28-bin.tar.gz.sha512:

      534cb51b781e83b2109f43a9186a030a1c3d6c5c13117bd5a6168b10c9a3cbd010e6ce806fdc6fce66e4b8a59d8a752f0552758ec769795e2bd3b66c09c0442a

      I then tried the .asc and it also failed:

      gpg --verify apache-freemarker-2.3.28-bin.tar.gz.asc
      gpg: assuming signed data in 'apache-freemarker-2.3.28-bin.tar.gz'
      gpg: Signature made Sat 31 Μαρ 2018 12:11:30 am EEST
      gpg:                using RSA key 1939A2520BAB1D90

      gpg: BAD signature from "Daniel Dekany <ddekany@apache.org>" [unknown]

       

      Similarly for the src tar.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              alex186 Alex Athanasopoulos
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: