FALSCHE Unterschrift von "Werner Koch (gnupg sig) <firstname.lastname@example.org>"
Mon, 13 Nov 2000 10:22:14 +0100
On Sun, 12 Nov 2000, Joerg Soos wrote:
> i am a little bit confused about the results of checking the (my first)
> installation of gnupg-1.0.4: a wrong signiture of Werner Koch and
Someone has tampered with that tarball or there was a problem while
downloading it (are you sure, that you used binary mode?).
> one (from Ulrik Dickow) with a invalide date. Or can i just ignore this
Don't care about key signatures which are outdated.
> jws@linux:~ > md5sum privacy_tars/gnupg-1.0.4.tar.gz
> 8db4fe7df0b9d8535e4ff6fc7611a56c privacy_tars/gnupg-1.0.4.tar.gz
$ md5sum gnupg-1.0.4.tar.gz
tar tzvf gnupg-1.0.4.tar.gz
to see whether the download was okay. If this is okay, you can
assume that someone really has tampered with it. Get a copy from
ftp.gnupg.org and compare both archives:
tar xzvf gnupg-1.0.4.tar.gz (franken)
tar xzvf gnupg-1.0.4.tar.gz (ftp.gnupg.org)
diff -urN orig franken
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to email@example.com