failure to verify a message with 1.4.0
martin f krafft
madduck at debian.org
Thu May 19 23:41:37 CEST 2005
Hi there,
I just stumbled over this problem today and wanted to make sure it's
known. I received a message over a Debian mailing list which failed
to verify ("BADSIG") in mutt when verified against the Debian gnupg
package 1.4.0-2. The same message does verify fine with 1.2.5-3 and
1.4.1-1.
If this is a known bug, I apologise. However, I am still providing
you with all the information to make sure that it's not a lingering
Heisenbug or something of that sort in 1.4.x versions.
*** If this is not known, please let me know ASAP as we might be
facing a security-grade bug in 1.4.1-1, which is about to go into
Debian sarge. If possible, also include security at debian.org in such
a reply ***
The message (in an mbox):
http://madduck.net/~madduck/scratch/roberto.mbox
Size: 4923
MD5: cfb69c8464140a33f5c281a50ea7126e
The binary:
2649ac364358281f4bf1b13e31335dfa 797452 /usr/bin/gpg
The package:
http://madduck.net/~madduck/scratch/gnupg_1.4.0-2_i386.deb.SUSPECT
Size: 1844922
MD5: 1978fe19f44e68e350dc4bf187d85b6a
Either way -- please CC me on replies and let me know the
resolution.
Thanks a lot.
--
.''`. martin f. krafft <madduck at debian.org>
: :' : proud Debian developer, admin, user, and author
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
"man kann die menschen nur von ihren eigenen meinungen überzeugen."
-- charles tschopp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20050519/3895aeb2/attachment.pgp
More information about the Gnupg-devel
mailing list