failure to verify a message with 1.4.0

martin f krafft madduck at
Thu May 19 23:41:37 CEST 2005

Hi there,

I just stumbled over this problem today and wanted to make sure it's
known. I received a message over a Debian mailing list which failed
to verify ("BADSIG") in mutt when verified against the Debian gnupg
package 1.4.0-2. The same message does verify fine with 1.2.5-3 and

If this is a known bug, I apologise. However, I am still providing
you with all the information to make sure that it's not a lingering
Heisenbug or something of that sort in 1.4.x versions.

*** If this is not known, please let me know ASAP as we might be
facing a security-grade bug in 1.4.1-1, which is about to go into
Debian sarge. If possible, also include security at in such
a reply ***

The message (in an mbox):
  Size: 4923
  MD5: cfb69c8464140a33f5c281a50ea7126e

The binary:
  2649ac364358281f4bf1b13e31335dfa  797452  /usr/bin/gpg

The package:
  Size: 1844922
  MD5: 1978fe19f44e68e350dc4bf187d85b6a

Either way -- please CC me on replies and let me know the

Thanks a lot.

 .''`.     martin f. krafft <madduck at>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use as keyserver!
"man kann die menschen nur von ihren eigenen meinungen überzeugen."
                                                    -- charles tschopp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20050519/3895aeb2/attachment.pgp

More information about the Gnupg-devel mailing list