ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Tovo <aa...@tovo.net>
Subject "gpg: BAD signature" on Ant download
Date Thu, 13 Mar 2008 07:48:08 GMT
I found a bad signature in the ant repository:

Computer:~ $ gpg --verify apache-ant-1.7.0-bin.zip.asc apache- 
ant-1.7.0-bin.zip
gpg: Signature made Wed Dec 13 04:33:32 2006 PST using DSA key ID  
265B4C63
gpg: BAD signature from "Antoine Levy-Lambert (Apache Ant Committer)  
<antoine@apache.org>"


A similar file in the same repository has a good sig (with a warning)  
from the same person:

Computer:~ $ gpg --verify ant-current-bin.zip.asc /Applications/ant- 
current-bin.zip
gpg: Signature made Wed Dec 13 04:33:32 2006 PST using DSA key ID  
265B4C63
gpg: Good signature from "Antoine Levy-Lambert (Apache Ant Committer)  
<antoine@apache.org>"
gpg:                 aka "Antoine Levy-Lambert (Apache Ant Committer)  
<antoine@antbuild.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to  
the owner.
Primary key fingerprint: 06A2 28AA B83A 18A8 DF7B  84B0 8614 D6AB  
265B 4C63

Interestingly, a file had the same problem with the same signature a  
year and a half ago: http://marc.info/?l=ant-dev&m=115432289117424&w=2

Is this a problem that a lot of people have run into?

Aaron
Seattle, USA







Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message