Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PGP signature verification failed! #731

Open
0-x-2-2 opened this issue Sep 1, 2023 · 1 comment
Open

PGP signature verification failed! #731

0-x-2-2 opened this issue Sep 1, 2023 · 1 comment

Comments

@0-x-2-2
Copy link

0-x-2-2 commented Sep 1, 2023 

One artifact failed verification: gradle-git-version-3.0.0.pom (com.palantir.gradle.gitversion:gradle-git-version:3.0.0) from repository gradle
This can indicate that a dependency has been compromised. Please carefully verify the signatures and checksums.

The artifact was signed with key bf3a87d91b70be32cad64a2645d0caa6d26b0f7d (Open Source <opensource@palantir.com>) but the signature didn't match

<component group="com.palantir.gradle.gitversion" name="gradle-git-version" version="3.0.0">
         <artifact name="gradle-git-version-3.0.0.jar">
            <pgp value="bf3a87d91b70be32cad64a2645d0caa6d26b0f7d"/>
            <sha256 value="3ed9e1d890829703c18737e6619d0544fb5f9a3c4147c24c29228af42177556f" origin="Generated by Gradle"/>
         </artifact>
         <artifact name="gradle-git-version-3.0.0.pom">
            <sha256 value="55b54781af0fb1a362b1745b73e673c0e520e3b1d43d203f3bcc03cc0d1774a6" origin="Generated by Gradle" reason="PGP signature verification failed!"/>
         </artifact>
      </component>
@0-x-2-2
Copy link
Author

0-x-2-2 commented Sep 28, 2023
edited

Bump, if anyone knows a contact email for someone who can actually fix the issue with invalid signatures on maven metadata in releases that would be nice.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@0-x-2-2