[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Orekit Users] new orekit version



Hi,

A colleague of mine is trying to verify the PGP signatures on the
recently released Orekit 7.1 sources. I've tried as well and it seems
that the signature file orekit-7.1-sources.jar.asc doesn't match
orekit-7.1-sources.zip. Am I comparing the right files or is there some
mistake with the signature?

Best Regards,
Evan


On 02/11/2016 09:25 AM, Bill Immerman wrote:
> I probably just downloaded it with gpg from some default keyserver. When you try to verify with gpg and don’t have a matching key, it tells you what the key it’s looking for is, and I usually just request that key with —recv-key option.
>
> The error I got this time was different … it said it was a bad key.
>
> Bill
>
>> On Feb 11, 2016, at 7:43 AM, Evan Ward <evan.ward@nrl.navy.mil> wrote:
>>
>> Where did you find the public key? I haven't actually tried to verify a
>> PGP signature before.
>>
>> Thanks,
>> Evan
>>
>>
>> On 02/11/2016 02:25 AM, William Immerman wrote:
>>> Hey Evan—
>>>
>>> You might want to note to whoever maintains repository/website that the signature file for the new orekit version seems to be named wrong (orekit-7.1-sources.jar.asc instead of orekit-7.1-sources.zip.asc), and more importantly, it indicates a bad signature when I try to verify it. The MD5 checksum on the downloaded file matches the website’s published value.
>>>
>>> Please let me know if the signature was wrong, or if the published source zip file is suspect?
>>>
>>> Thanks,
>>> Bill
>>>
>>>
>>>
>>
>
>