[
https://issues.apache.org/jira/browse/HIVE-18870?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
dud updated HIVE-18870:
-----------------------
Description:
Hello
the [GPG
signature|https://www.apache.org/dist/hive/hive-2.3.2/apache-hive-2.3.2-bin.tar.gz.asc]
of the 2.3.2 Hive release is invalid preventing users to verify the downloaded
archive :
{code:java}
$ gpg --primary-keyring /tmp/tmp.0xXkR5pkws.gpg --import ./hive-KEYS
gpg: key 085BCB4D2E765AE1: public key "Ashish Thusoo (CODE SIGNING KEY)
<athu...@apache.org>" imported
gpg: key E36CD0AA4626191C: public key "Zheng Shao (Zheng Shao)
<zs...@apache.org>" imported
gpg: key 0CA0FF40EDAC684E: public key "Carl W. Steinbach (CODE SIGNING KEY)
<c...@cloudera.com>" imported
gpg: key 2036CB247AC28520: public key "John Sichi (CODE SIGNING KEY)
<j...@apache.org>" imported
gpg: key E193B38C2305CA1C: public key "Ashutosh Chauhan <hashut...@apache.org>"
imported
gpg: key 5E1840C075E68997: public key "Thejas Nair (CODE SIGNING KEY)
<the...@apache.org>" imported
gpg: key 4814E367885D649D: public key "Harish Butani (CODE SIGNING KEY)
<rhbut...@apache.org>" imported
gpg: key 1EADB7814530BADE: public key "Sushanth Sowmyan (CODE SIGNING KEY)
<khorg...@apache.org>" imported
gpg: key D90DF4E28EE6E329: public key "Thejas M Nair (CODE SIGNING KEY 2)
<the...@apache.org>" imported
gpg: key A645F24823724330: public key "Gunther Hagleitner (CODE SIGNING KEY)
<gunt...@apache.org>" imported
gpg: key 1209E7F13D0C92B9: 8 duplicate signatures removed
gpg: key 1209E7F13D0C92B9: 47 signatures not checked due to missing keys
gpg: key 1209E7F13D0C92B9: public key "Owen O'Malley (Code signing)
<omal...@apache.org>" imported
gpg: key 88BD3F5704D9B832: public key "Alan Gates (No comment)
<ga...@yahoo-inc.com>" imported
gpg: key D0111CE83C2F98F8: public key "Sergio Pena <sp...@apache.org>" imported
gpg: key BBDD5B6642FE69CE: public key "stakiar <takiar.sa...@gmail.com>"
imported
gpg: Total number processed: 14
gpg: imported: 14
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 4 signed: 0 trust: 2-, 0q, 0n, 2m, 0f, 0u
gpg: next trustdb check due at 2022-07-10
$ gpg --primary-keyring /tmp/tmp.0xXkR5pkws.gpg --verify
/tmp/hive/apache-hive-2.3.2-bin.tar.gz.asc
/tmp/hive/apache-hive-2.3.2-bin.tar.gz
gpg: Signature made jeu. 09 nov. 2017 20:32:14 CET
gpg: using RSA key B21AE8EEA5105E6CA3F9EFA1BBDD5B6642FE69CE
gpg: BAD signature from "stakiar <takiar.sa...@gmail.com>" [unknown]
{code}
I've already contacted [~stakiar] some weeks ago about this issue but
unfortunatelely the signature hasn't been fixed yet.
Regards
dud
was:
Hello
the [GPG
signature|https://www.apache.org/dist/hive/hive-2.3.2/apache-hive-2.3.2-bin.tar.gz.asc]
of the 2.3.2 Hive release is invalid preventing users to verify the downloaded
archive :
{code:java}
gpg --primary-keyring /tmp/tmp.0xXkR5pkws.gpg --import ./hive-KEYS
gpg: key 085BCB4D2E765AE1: public key "Ashish Thusoo (CODE SIGNING KEY)
<athu...@apache.org>" imported
gpg: key E36CD0AA4626191C: public key "Zheng Shao (Zheng Shao)
<zs...@apache.org>" imported
gpg: key 0CA0FF40EDAC684E: public key "Carl W. Steinbach (CODE SIGNING KEY)
<c...@cloudera.com>" imported
gpg: key 2036CB247AC28520: public key "John Sichi (CODE SIGNING KEY)
<j...@apache.org>" imported
gpg: key E193B38C2305CA1C: public key "Ashutosh Chauhan <hashut...@apache.org>"
imported
gpg: key 5E1840C075E68997: public key "Thejas Nair (CODE SIGNING KEY)
<the...@apache.org>" imported
gpg: key 4814E367885D649D: public key "Harish Butani (CODE SIGNING KEY)
<rhbut...@apache.org>" imported
gpg: key 1EADB7814530BADE: public key "Sushanth Sowmyan (CODE SIGNING KEY)
<khorg...@apache.org>" imported
gpg: key D90DF4E28EE6E329: public key "Thejas M Nair (CODE SIGNING KEY 2)
<the...@apache.org>" imported
gpg: key A645F24823724330: public key "Gunther Hagleitner (CODE SIGNING KEY)
<gunt...@apache.org>" imported
gpg: key 1209E7F13D0C92B9: 8 duplicate signatures removed
gpg: key 1209E7F13D0C92B9: 47 signatures not checked due to missing keys
gpg: key 1209E7F13D0C92B9: public key "Owen O'Malley (Code signing)
<omal...@apache.org>" imported
gpg: key 88BD3F5704D9B832: public key "Alan Gates (No comment)
<ga...@yahoo-inc.com>" imported
gpg: key D0111CE83C2F98F8: public key "Sergio Pena <sp...@apache.org>" imported
gpg: key BBDD5B6642FE69CE: public key "stakiar <takiar.sa...@gmail.com>"
imported
gpg: Total number processed: 14
gpg: imported: 14
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 4 signed: 0 trust: 2-, 0q, 0n, 2m, 0f, 0u
gpg: next trustdb check due at 2022-07-10
gpg --primary-keyring /tmp/tmp.0xXkR5pkws.gpg --verify
/tmp/hive/apache-hive-2.3.2-bin.tar.gz.asc
/tmp/hive/apache-hive-2.3.2-bin.tar.gz
gpg: Signature made jeu. 09 nov. 2017 20:32:14 CET
gpg: using RSA key B21AE8EEA5105E6CA3F9EFA1BBDD5B6642FE69CE
gpg: BAD signature from "stakiar <takiar.sa...@gmail.com>" [unknown]
{code}
I've already contacted [~stakiar] some weeks ago about this issue but
unfortunatelely the signature hasn't been fixed yet.
Regards
dud
> Invalid GPG signature of the 2.3.2 release
> ------------------------------------------
>
> Key: HIVE-18870
> URL: https://issues.apache.org/jira/browse/HIVE-18870
> Project: Hive
> Issue Type: Bug
> Affects Versions: 2.3.2
> Reporter: dud
> Priority: Critical
>
> Hello
> the [GPG
> signature|https://www.apache.org/dist/hive/hive-2.3.2/apache-hive-2.3.2-bin.tar.gz.asc]
> of the 2.3.2 Hive release is invalid preventing users to verify the
> downloaded archive :
>
> {code:java}
> $ gpg --primary-keyring /tmp/tmp.0xXkR5pkws.gpg --import ./hive-KEYS
> gpg: key 085BCB4D2E765AE1: public key "Ashish Thusoo (CODE SIGNING KEY)
> <athu...@apache.org>" imported
> gpg: key E36CD0AA4626191C: public key "Zheng Shao (Zheng Shao)
> <zs...@apache.org>" imported
> gpg: key 0CA0FF40EDAC684E: public key "Carl W. Steinbach (CODE SIGNING KEY)
> <c...@cloudera.com>" imported
> gpg: key 2036CB247AC28520: public key "John Sichi (CODE SIGNING KEY)
> <j...@apache.org>" imported
> gpg: key E193B38C2305CA1C: public key "Ashutosh Chauhan
> <hashut...@apache.org>" imported
> gpg: key 5E1840C075E68997: public key "Thejas Nair (CODE SIGNING KEY)
> <the...@apache.org>" imported
> gpg: key 4814E367885D649D: public key "Harish Butani (CODE SIGNING KEY)
> <rhbut...@apache.org>" imported
> gpg: key 1EADB7814530BADE: public key "Sushanth Sowmyan (CODE SIGNING KEY)
> <khorg...@apache.org>" imported
> gpg: key D90DF4E28EE6E329: public key "Thejas M Nair (CODE SIGNING KEY 2)
> <the...@apache.org>" imported
> gpg: key A645F24823724330: public key "Gunther Hagleitner (CODE SIGNING KEY)
> <gunt...@apache.org>" imported
> gpg: key 1209E7F13D0C92B9: 8 duplicate signatures removed
> gpg: key 1209E7F13D0C92B9: 47 signatures not checked due to missing keys
> gpg: key 1209E7F13D0C92B9: public key "Owen O'Malley (Code signing)
> <omal...@apache.org>" imported
> gpg: key 88BD3F5704D9B832: public key "Alan Gates (No comment)
> <ga...@yahoo-inc.com>" imported
> gpg: key D0111CE83C2F98F8: public key "Sergio Pena <sp...@apache.org>"
> imported
> gpg: key BBDD5B6642FE69CE: public key "stakiar <takiar.sa...@gmail.com>"
> imported
> gpg: Total number processed: 14
> gpg: imported: 14
> gpg: marginals needed: 3 completes needed: 1 trust model: pgp
> gpg: depth: 0 valid: 1 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: depth: 1 valid: 4 signed: 0 trust: 2-, 0q, 0n, 2m, 0f, 0u
> gpg: next trustdb check due at 2022-07-10
> $ gpg --primary-keyring /tmp/tmp.0xXkR5pkws.gpg --verify
> /tmp/hive/apache-hive-2.3.2-bin.tar.gz.asc
> /tmp/hive/apache-hive-2.3.2-bin.tar.gz
> gpg: Signature made jeu. 09 nov. 2017 20:32:14 CET
> gpg: using RSA key B21AE8EEA5105E6CA3F9EFA1BBDD5B6642FE69CE
> gpg: BAD signature from "stakiar <takiar.sa...@gmail.com>" [unknown]
> {code}
> I've already contacted [~stakiar] some weeks ago about this issue but
> unfortunatelely the signature hasn't been fixed yet.
> Regards
> dud
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
