[jira] [Created] (HIVE-18870) Invalid GPG signature of the 2.3.2 release

[dud (JIRA)]

dud created HIVE-18870:
--------------------------

             Summary: Invalid GPG signature of the 2.3.2 release
                 Key: HIVE-18870
                 URL: https://issues.apache.org/jira/browse/HIVE-18870
             Project: Hive
          Issue Type: Bug
    Affects Versions: 2.3.2
            Reporter: dud


Hello

the [GPG 
signature|https://www.apache.org/dist/hive/hive-2.3.2/apache-hive-2.3.2-bin.tar.gz.asc]
 of the 2.3.2 Hive release is invalid preventing users to verify the downloaded 
archive :

 
{code:java}
gpg --primary-keyring /tmp/tmp.0xXkR5pkws.gpg --import ./hive-KEYS
gpg: key 085BCB4D2E765AE1: public key "Ashish Thusoo (CODE SIGNING KEY) 
<athu...@apache.org>" imported
gpg: key E36CD0AA4626191C: public key "Zheng Shao (Zheng Shao) 
<zs...@apache.org>" imported
gpg: key 0CA0FF40EDAC684E: public key "Carl W. Steinbach (CODE SIGNING KEY) 
<c...@cloudera.com>" imported
gpg: key 2036CB247AC28520: public key "John Sichi (CODE SIGNING KEY) 
<j...@apache.org>" imported
gpg: key E193B38C2305CA1C: public key "Ashutosh Chauhan <hashut...@apache.org>" 
imported
gpg: key 5E1840C075E68997: public key "Thejas Nair (CODE SIGNING KEY) 
<the...@apache.org>" imported
gpg: key 4814E367885D649D: public key "Harish Butani (CODE SIGNING KEY) 
<rhbut...@apache.org>" imported
gpg: key 1EADB7814530BADE: public key "Sushanth Sowmyan (CODE SIGNING KEY) 
<khorg...@apache.org>" imported
gpg: key D90DF4E28EE6E329: public key "Thejas M Nair (CODE SIGNING KEY 2) 
<the...@apache.org>" imported
gpg: key A645F24823724330: public key "Gunther Hagleitner (CODE SIGNING KEY) 
<gunt...@apache.org>" imported
gpg: key 1209E7F13D0C92B9: 8 duplicate signatures removed
gpg: key 1209E7F13D0C92B9: 47 signatures not checked due to missing keys
gpg: key 1209E7F13D0C92B9: public key "Owen O'Malley (Code signing) 
<omal...@apache.org>" imported
gpg: key 88BD3F5704D9B832: public key "Alan Gates (No comment) 
<ga...@yahoo-inc.com>" imported
gpg: key D0111CE83C2F98F8: public key "Sergio Pena <sp...@apache.org>" imported
gpg: key BBDD5B6642FE69CE: public key "stakiar <takiar.sa...@gmail.com>" 
imported
gpg: Total number processed: 14
gpg:               imported: 14
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   4  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   4  signed:   0  trust: 2-, 0q, 0n, 2m, 0f, 0u
gpg: next trustdb check due at 2022-07-10
gpg --primary-keyring /tmp/tmp.0xXkR5pkws.gpg --verify 
/tmp/hive/apache-hive-2.3.2-bin.tar.gz.asc 
/tmp/hive/apache-hive-2.3.2-bin.tar.gz
gpg: Signature made jeu. 09 nov. 2017 20:32:14 CET
gpg:                using RSA key B21AE8EEA5105E6CA3F9EFA1BBDD5B6642FE69CE
gpg: BAD signature from "stakiar <takiar.sa...@gmail.com>" [unknown]
{code}
I've already contacted [~stakiar] some weeks ago about this issue but 
unfortunatelely the signature hasn't been fixed yet.

Regards

dud



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)