Hi,

Today I downloaded Solr 6.2.0 from apache.org along with the keys and MD5:

~# wget http://www-us.apache.org/dist/lucene/solr/6.2.0/KEYS
~# wget http://www-us.apache.org/dist/lucene/solr/6.2.0/solr-6.2.0.zip.asc
~# wget http://www-us.apache.org/dist/lucene/solr/6.2.0/solr-6.2.0.tgz
~# wget http://www-us.apache.org/dist/lucene/solr/6.2.0/solr-6.2.0.zip.md5

I imported the keys and attempted to verify...

~# gpg --import KEYS
~# gpg --verify solr-6.2.0.zip.asc solr-6.2.0.tgz

But got the following error...

gpg: Signature made Sat 20 Aug 2016 21:42:56 NZST using DSA key ID 6E68DA61
gpg: BAD signature from "Michael McCandless (CODE SIGNING KEY)

I have downloaded again from another machine with the same result.

Is there a problem with the signing of this package? I am hesitant to install it on our servers in this state.

Regards,
Malcolm.
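Added example, not part of the original message: a shell pre-flight check that confirms a detached signature or checksum file was made for the archive being checked before gpg runs; in the commands above, solr-6.2.0.zip.asc and solr-6.2.0.zip.md5 are paired with solr-6.2.0.tgz. The function names are hypothetical, and the .md5 file is assumed to carry the digest as its first field.

```shell
#!/bin/sh
# Added example (not from the original post). The file names used in the
# comments are the ones shown in the post; all helper names are hypothetical.

# sidecar_target FILE -> prints the artifact name a sidecar file belongs to,
# i.e. the name with its .asc / .md5 / .sha1 / .sha512 suffix removed.
sidecar_target() {
    case "$1" in
        *.asc|*.md5|*.sha1|*.sha512) printf '%s\n' "${1%.*}" ;;
        *) return 1 ;;
    esac
}

# pair_ok SIDECAR ARTIFACT -> 0 only if SIDECAR was produced for ARTIFACT
# (solr-6.2.0.zip.asc pairs with solr-6.2.0.zip, not with solr-6.2.0.tgz).
pair_ok() {
    pair_want=$(sidecar_target "$(basename "$1")") || return 2
    [ "$pair_want" = "$(basename "$2")" ]
}

# md5_ok MD5FILE ARTIFACT -> 0 if the first field of MD5FILE equals the
# artifact's MD5 digest. Assumption: the digest is the first field.
# MD5 only catches download corruption; authenticity rests on the signature.
md5_ok() {
    pair_ok "$1" "$2" || return 2
    md5_want=$(awk 'NR==1 {print tolower($1)}' "$1")
    md5_got=$(md5sum "$2" | awk '{print $1}')
    [ -n "$md5_want" ] && [ "$md5_want" = "$md5_got" ]
}

# verify_release SIG ARTIFACT -> refuses a mismatched pair with status 2
# before gpg is invoked; otherwise returns gpg's own exit status.
verify_release() {
    if ! pair_ok "$1" "$2"; then
        echo "refusing: $1 is not the signature for $2" >&2
        return 2
    fi
    gpg --verify "$1" "$2"
}
```
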