Return-Path: Delivered-To: apmail-geronimo-user-archive@www.apache.org Received: (qmail 46020 invoked from network); 14 Feb 2006 20:34:34 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 14 Feb 2006 20:34:34 -0000 Received: (qmail 60506 invoked by uid 500); 14 Feb 2006 20:34:30 -0000 Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org Received: (qmail 60488 invoked by uid 500); 14 Feb 2006 20:34:30 -0000 Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: user@geronimo.apache.org List-Id: Delivered-To: mailing list user@geronimo.apache.org Delivered-To: moderator for user@geronimo.apache.org Received: (qmail 5772 invoked by uid 99); 14 Feb 2006 14:18:23 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Message-Id: <43F1E698.1000006@ctsu.ox.ac.uk> Date: Tue, 14 Feb 2006 14:18:00 +0000 From: "Alex D. Baxter" Organization: CTSU, University of Oxford User-Agent: Thunderbird 1.5 (Windows/20051201) Mime-Version: 1.0 To: user@geronimo.apache.org Subject: Problem verifying Geronimo 1.0 release X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N I could not verify the checksums or PGP signatures after downloading the following packages (using the mirror recommended to me by the script): http://www.mirrorservice.org/sites/ftp.apache.org/geronimo/1.0/geronimo-jetty-j2ee-1.0.tar.gz http://www.mirror.ac.uk/mirror/ftp.apache.org/geronimo/1.0/geronimo-tomcat-j2ee-1.0.tar.gz e.g. for geronimo-tomcat-j2ee-1.0.tar.gz the SHA1 checksum at: http://www.apache.org/dist/geronimo/1.0/geronimo-tomcat-j2ee-1.0.tar.gz.sha is: 7a75e6f076d919f8175980fe7d38421ee87c9910 however the generated SHA1 checksum (sha1sum --version giving "shasum (coreutils) 5.2.1") is: 903bbd480f432a82c35de38159c1a89221fd587c the PGP signature from: http://www.apache.org/dist/geronimo/1.0/geronimo-tomcat-j2ee-1.0.tar.gz.asc is: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQBDva7e+4xOrf6bkrsRAkN4AJ91KzHQBkr3w2NqB+IpYPAq84m/zgCfYMFs TLlG1Jdm0VYXt4QNLpNpFgc= =m+BA -----END PGP SIGNATURE----- verifying: $ gpg --verify geronimo-tomcat-j2ee-1.0.tar.gz.asc gpg: Signature made Thu 05 Jan 2006 23:42:22 GMT using DSA key ID FE9B92BB gpg: Can't check signature: public key not found the key ID FE9B92BB is not present in the keys file at: http://cvs.apache.org/dist/geronimo/KEYS and I could not find it on either of two keyservers I checked, so I am unable to verify the signature. I have downloaded the packages from several different mirrors and checked them on two different client machines, with the same result. -- Alex D. Baxter CTSU x3855 - external (+44) 01865 743855