[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Orekit Users] new orekit version



Thanks Luc, it works for me now.

Evan

On 02/11/2016 10:31 AM, MAISONOBE Luc wrote:
>
> Evan Ward <evan.ward@nrl.navy.mil> a écrit :
>
>> Hi,
>
> Hi Evan,
>
>>
>> A colleague of mine is trying to verify the PGP signatures on the
>> recently released Orekit 7.1 sources. I've tried as well and it seems
>> that the signature file orekit-7.1-sources.jar.asc doesn't match
>> orekit-7.1-sources.zip. Am I comparing the right files or is there some
>> mistake with the signature?
>
> Ooops. My bad.
>
> The orekit-7.1-sources.jar.asc correspond to file orekit-7.1-sources.jar,
> which is a maven artifact, not the source distribution. This file is
> intended for IDE like eclipse, it is distributed here:
>   <http://repo1.maven.org/maven2/org/orekit/orekit/7.1/>
>
> I removed this spurious signature file form the files section in the
> forge
> and uploaded the correct signature file for orekit-7.1-sources.zip, which
> is named orekit-7.1-sources.zip.asc.
>
> Thanks for reporting the issue.
>
> best regards,
> Luc
>
>>
>> Best Regards,
>> Evan
>>
>>
>> On 02/11/2016 09:25 AM, Bill Immerman wrote:
>>> I probably just downloaded it with gpg from some default keyserver.
>>> When you try to verify with gpg and don’t have a matching key, it
>>> tells you what the key it’s looking for is, and I usually just
>>> request that key with —recv-key option.
>>>
>>> The error I got this time was different … it said it was a bad key.
>>>
>>> Bill
>>>
>>>> On Feb 11, 2016, at 7:43 AM, Evan Ward <evan.ward@nrl.navy.mil> wrote:
>>>>
>>>> Where did you find the public key? I haven't actually tried to
>>>> verify a
>>>> PGP signature before.
>>>>
>>>> Thanks,
>>>> Evan
>>>>
>>>>
>>>> On 02/11/2016 02:25 AM, William Immerman wrote:
>>>>> Hey Evan—
>>>>>
>>>>> You might want to note to whoever maintains repository/website
>>>>> that the signature file for the new orekit version seems to be
>>>>> named wrong (orekit-7.1-sources.jar.asc instead of
>>>>> orekit-7.1-sources.zip.asc), and more importantly, it indicates a
>>>>> bad signature when I try to verify it. The MD5 checksum on the
>>>>> downloaded file matches the website’s published value.
>>>>>
>>>>> Please let me know if the signature was wrong, or if the published
>>>>> source zip file is suspect?
>>>>>
>>>>> Thanks,
>>>>> Bill
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>
>