tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Cannot Validate Signature for apache-tomcat-7.0.23-windows-i64.zip
Date Tue, 24 Jan 2012 20:26:27 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24/01/2012 20:01, Bill Rutledge wrote:
> I signed and trusted Mark's certificate:

On what basis are you trusting that that public key really does belong
to someone called "Mark Thomas"? Personally, I do rather more checks
before I'd trust someone else's public key.

> [cid:image001.png@01CCDAA8.11318280]

That's a nice series of characters. The list strips images.

> I tried to verify it, but it came up bad:
> 
> [cid:image002.png@01CCDAA8.11318280]

Can't see that image either.

Time to switch to a command line interface that you can copy and paste
stuff to/from.

The chances of a signature on a Tomcat release being bad is pretty
slim. The reasons for this are:
- - Most of the tomcat committers have met each other, verified keys and
identities and have signed each others keys
- - They have also done the same for many other folks at the ASF and are
reasonably well embedded in the ASF web of trust
- - Every Tomcat release artefact is signed by the release manager and
the signatures checked my multiple Tomcat committers
- - There is an automated process that checks every binary uploaded to
the ASF distribution area and it complains loudly if there is a
problem with the signatures (we got a nag this afternoon because I
moved some things around and missed a few files) [1]

It looks very much like your OpenPGP configuration is bad or you have
a corrupted download. Try obtaining the file from a different mirror
or direct from the ASF master copy.

I have also signed this message. If you can't verify that signature,
it is more likely to be a local issue.

Mark


[1] http://people.apache.org/~henkp/checker/sig.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPHxPyAAoJEBDAHFovYFnn/GUQAKuSm+VCV+SworFjEHRxv1mk
VyMdGEiOotxEOzdtU7iU/6yJFzgWacWRPd34kLMkzLbVjWtnllSSqZIuqSBJEEFR
g0KpC+ybYL26zikxFM3KdhEfCj9iwk8T8MXPM1y7ZqZITP+TPsV/qsRylacRTolV
Z5YQMUfxa+sdcWLKr/w3+eiRFvXuAEKOzmR6LrMlMN3DH2Vwv4z11QZoXHg0VhIr
gPwfVawN/2bkVQL/c4rgYy3ycClDYGFhHm9ixrNfgsXESuzJnaD295jiBCg+WEL+
9xA0cjDFmyzF1kHuHyxwaDxhL/gWBnImonkkjGXvKIuNiO/ADy4PAzhS7hDKNlV/
x6F+6v6KwV800b9nWJaHqBiyEhb4hbDAkUJZhmwWEvVfuMWPritw+B8uIXpHPefV
5XqoQzSR8otc6Z4/QIrk/1jcAu81WGPg5kGhWLc8+eB3fua+oMhBJN5fBdORyaL1
SnjWE1pOWprSE4yAxAVO1r31D9eexfMUH7ybOPJXUZLWxErQrOMucsahBKBiyc4w
4lybDhUooET5JOsx9MsHJZnQVK4GYnxHduPNA7PCw/aprIn+RnW3hwZ4w6iOp2/P
cu9idUfNXT1J5zP/agRfsf4KYzQJ1bVRLrXcK7prhETea1vycNT7FWQ1T4yezYvo
pBWE03DZ3S4obG4h62Ra
=oRUZ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message