FALSCHE Unterschrift von "Werner Koch (gnupg sig) <dd9jn@gnu.org>"
Werner Koch
wk@gnupg.org
Mon, 13 Nov 2000 10:22:14 +0100
On Sun, 12 Nov 2000, Joerg Soos wrote:
> Hy,
> i am a little bit confused about the results of checking the (my first)
> installation of gnupg-1.0.4: a wrong signiture of Werner Koch and
Someone has tampered with that tarball or there was a problem while
downloading it (are you sure, that you used binary mode?).
> one (from Ulrik Dickow) with a invalide date. Or can i just ignore this
Don't care about key signatures which are outdated.
> jws@linux:~ > md5sum privacy_tars/gnupg-1.0.4.tar.gz
> 8db4fe7df0b9d8535e4ff6fc7611a56c privacy_tars/gnupg-1.0.4.tar.gz
$ md5sum gnupg-1.0.4.tar.gz
bef2267bfe9b74a00906a78db34437f9 gnupg-1.0.4.tar.gz
Do a
tar tzvf gnupg-1.0.4.tar.gz
to see whether the download was okay. If this is okay, you can
assume that someone really has tampered with it. Get a copy from
ftp.gnupg.org and compare both archives:
mkdir franken
cd franken
tar xzvf gnupg-1.0.4.tar.gz (franken)
cd ..
mkdir orig
cd orig
tar xzvf gnupg-1.0.4.tar.gz (ftp.gnupg.org)
cd ..
diff -urN orig franken
Werner
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org