Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-6761

3.6.2 builds are unsigned

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.6.2
    • Fix Version/s: None
    • Component/s: Bootstrap & Build
    • Labels:
      None
    • Environment:

      Description

      $ gpg --verify --status-fd 1 apache-maven-3.6.2-bin.zip.asc apache-maven-3.6.2-bin.zip                                                                                                                                                                                          [GNUPG:] NEWSIG
      gpg: Signature made Tue Aug 27 17:10:11 2019 CEDT
      gpg:                using RSA key BBE7232D7991050B54C8EA0ADC08637CA615D22C
      [GNUPG:] ERRSIG DC08637CA615D22C 1 10 00 1566918611 9 BBE7232D7991050B54C8EA0ADC08637CA615D22C
      [GNUPG:] NO_PUBKEY DC08637CA615D22C
      gpg: Can't check signature: No public key
      

       
       whereas for 3.6.1

      $ gpg --verify --status-fd 1 apache-maven-3.6.1-bin.zip.asc apache-maven-3.6.1-bin.zip                                                                                                                                                                                          [GNUPG:] NEWSIG
      gpg: Signature made Thu Apr  4 21:02:59 2019 CEDT
      gpg:                using RSA key AE9E53FC28FF2AB1012273D0BF1518E0160788A2
      [GNUPG:] KEY_CONSIDERED AE9E53FC28FF2AB1012273D0BF1518E0160788A2 0
      [GNUPG:] SIG_ID SPyIoMJ54Xs7p43r2ZmK3Z9ktFY 2019-04-04 1554404579
      [GNUPG:] KEY_CONSIDERED AE9E53FC28FF2AB1012273D0BF1518E0160788A2 0
      [GNUPG:] GOODSIG BF1518E0160788A2 Karl Heinz Marbaise (ASF Key) <khmarbaise@apache.org>
      gpg: Good signature from "Karl Heinz Marbaise (ASF Key) <khmarbaise@apache.org>" [unknown]
      [GNUPG:] VALIDSIG AE9E53FC28FF2AB1012273D0BF1518E0160788A2 2019-04-04 1554404579 0 4 0 1 10 00 AE9E53FC28FF2AB1012273D0BF1518E0160788A2
      [GNUPG:] KEY_CONSIDERED AE9E53FC28FF2AB1012273D0BF1518E0160788A2 0
      [GNUPG:] TRUST_UNDEFINED 0 pgp
      gpg: WARNING: This key is not certified with a trusted signature!
      gpg:          There is no indication that the signature belongs to the owner.
      Primary key fingerprint: AE9E 53FC 28FF 2AB1 0122  73D0 BF15 18E0 1607 88A2
      

      I've tried to download from several site, all downloads have the same issue

        Attachments

          Activity

            People

            • Assignee:
              eolivelli Enrico Olivelli
              Reporter:
              n1ghtm4n4g3r KOVÁCS PÉTER
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: