core.ring.gr.jp から採ってきたmavenを解凍しようとしたら…

$ tar tjf apache-maven-2.0.9-bin.tar.bz2
apache-maven-2.0.9/conf/
apache-maven-2.0.9/LICENSE.txt
apache-maven-2.0.9/NOTICE.txt
apache-maven-2.0.9/README.txt
apache-maven-2.0.9/bin/m2.bat
apache-maven-2.0.9/bin/m2.conf
apache-maven-2.0.9/bin/mvn.bat
apache-maven-2.0.9/bin/mvnDebug.bat
apache-maven-2.0.9/bin/m2
apache-maven-2.0.9/bin/mvn
apache-maven-2.0.9/bin/mvnDebug
apache-maven-2.0.9/conf/settings.xml
apache-maven-2.0.9/lib/maven-2.0.9-uber.jar
apache-maven-2.0.9/boot/classworlds-1.1.jar
tar: A lone zero block at 4498

なんじゃらほい．とりあえず，gpgで検証してみるか．

$ gpg --verify apache-maven-2.0.9-bin.tar.bz2.asc 
gpg: Signature made 火  4/ 8 01:23:22 2008 JST using DSA key ID 3C062231
gpg: Can't check signature: public key not found

そうすか．では…．

$ gpg --recv-keys 3C062231
gpg: requesting key 3C062231 from hkp server subkeys.pgp.net
gpg: key 3C062231: public key "Brian E Fox <brianf@apache.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: Total number processed: 1
gpg:               imported: 1
$ gpg --verify apache-maven-2.0.9-bin.tar.bz2.asc 
gpg: Signature made 火  4/ 8 01:23:22 2008 JST using DSA key ID 3C062231
gpg: Good signature from "Brian E Fox <brianf@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 998A F0E2 B935 996F 5CEB  D56B 9B1F DA9F 3C06 2231

ふーん．Good signature ねぇ．

似たような症状はwebでもみつかる．
どうやらGNU tarの仕様というかバグというか，らしい? しかし，

もし、このメッセージが気になるのなら、-iか--ignore-zerosをつけて実行すればよい。(ignore zeroed blocks in archive)

apache-maven-2.0.9/boot/classworlds-1.1.jar
tar: Skipping to next header
tar: Error exit delayed from previous errors

まあ，バージョンによりこの辺の挙動は異なるのだろうなぁ．