I found a bad signature in the ant repository:
Computer:~ $ gpg --verify apache-ant-1.7.0-bin.zip.asc apache-
ant-1.7.0-bin.zip
gpg: Signature made Wed Dec 13 04:33:32 2006 PST using DSA key ID
265B4C63
gpg: BAD signature from "Antoine Levy-Lambert (Apache Ant Committer)
<[EMAIL PROTECTED]>"
A similar file in the same repository has a good sig (with a warning)
from the same person:
Computer:~ $ gpg --verify ant-current-bin.zip.asc /Applications/ant-
current-bin.zip
gpg: Signature made Wed Dec 13 04:33:32 2006 PST using DSA key ID
265B4C63
gpg: Good signature from "Antoine Levy-Lambert (Apache Ant Committer)
<[EMAIL PROTECTED]>"
gpg: aka "Antoine Levy-Lambert (Apache Ant Committer)
<[EMAIL PROTECTED]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to
the owner.
Primary key fingerprint: 06A2 28AA B83A 18A8 DF7B 84B0 8614 D6AB
265B 4C63
Interestingly, a file had the same problem with the same signature a
year and a half ago: http://marc.info/?l=ant-dev&m=115432289117424&w=2
Is this a problem that a lot of people have run into?
Aaron
Seattle, USA
