flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Mclean <jus...@classsoftware.com>
Subject Re: Publish Maven artifacts for released versions of FlexUnit4?
Date Sat, 28 Mar 2015 23:26:40 GMT
Hi,

> Could you guys please double check the artifacts ...

I guess the main question is how do we confirm what source code this was compiled from?

> I know this is not an official release, but I still thing the signatures need verification.


May be the way it been deployed? but the the jar sigs and md5 hashes are ok (and using an
Apache email). but the pom file signature isn't.

for file in *.asc; do echo $file; gpg --verify $file; done

flexUnitTasks-4.2.0-javadoc.jar.asc
gpg: Signature made Sun 29 Mar 04:03:33 2015 AEDT using RSA key ID 5C60D6B9
gpg: Good signature from "Christofer Dutz (Apache Comitter) <cdutz@apache.org>"
flexUnitTasks-4.2.0-sources.jar.asc
gpg: Signature made Sun 29 Mar 04:03:27 2015 AEDT using RSA key ID 5C60D6B9
gpg: Good signature from "Christofer Dutz (Apache Comitter) <cdutz@apache.org>"
flexUnitTasks-4.2.0.jar.asc
gpg: Signature made Sun 29 Mar 04:03:13 2015 AEDT using RSA key ID 5C60D6B9
gpg: Good signature from "Christofer Dutz (Apache Comitter) <cdutz@apache.org>"
flexUnitTasks-4.2.0.pom.asc
gpg: no signed data
gpg: can't hash datafile: No data

Thanks,
Justin




Mime
View raw message