FALSCHE Unterschrift von "Werner Koch (gnupg sig) <dd9jn@gnu.org>"

Werner Koch wk@gnupg.org
Mon, 13 Nov 2000 10:22:14 +0100


On Sun, 12 Nov 2000, Joerg Soos wrote:


> Hi,
> I am a little bit confused about the results of checking the (my first)
> installation of gnupg-1.0.4: a wrong signature of Werner Koch and

Someone has tampered with that tarball or there was a problem while downloading it (are you sure that you used binary mode?).

> one (from Ulrik Dickow) with an invalid date. Or can I just ignore this

Don't care about key signatures which are outdated.

> jws@linux:~ > md5sum privacy_tars/gnupg-1.0.4.tar.gz
> 8db4fe7df0b9d8535e4ff6fc7611a56c privacy_tars/gnupg-1.0.4.tar.gz

  $ md5sum gnupg-1.0.4.tar.gz
  bef2267bfe9b74a00906a78db34437f9  gnupg-1.0.4.tar.gz

Do a tar tzvf gnupg-1.0.4.tar.gz to see whether the download was okay. If this is okay, you can assume that someone really has tampered with it. Get a copy from ftp.gnupg.org and compare both archives:

  mkdir franken
  cd franken
  tar xzvf gnupg-1.0.4.tar.gz    (franken)
  cd ..
  mkdir orig
  cd orig
  tar xzvf gnupg-1.0.4.tar.gz    (ftp.gnupg.org)
  cd ..
  diff -urN orig franken

Werner
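
The two checks described in the reply above (is the archive readable to the end, and which files differ from a reference copy), as an added example that is not part of the original post. It compares member by member in memory, so the suspect archive is never unpacked to disk, and it uses SHA-256 instead of MD5; the function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import tarfile
import zlib

def member_digests(tar_bytes):
    """Map member name -> (type, SHA-256 or link target), reading in memory only."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = ("file", hashlib.sha256(data).hexdigest())
            else:  # directories, links, devices: compare type and link target
                digests[member.name] = (member.type.decode(), member.linkname)
    return digests

def is_intact(tar_bytes):
    """Like `tar tzvf`: True only if every member can be read to the end."""
    try:
        member_digests(tar_bytes)
        return True
    except (tarfile.TarError, EOFError, OSError, zlib.error):
        return False

def compare_archives(orig_bytes, suspect_bytes):
    """Names added, removed or changed in the suspect archive relative to orig."""
    orig, suspect = member_digests(orig_bytes), member_digests(suspect_bytes)
    return {
        "added": sorted(suspect.keys() - orig.keys()),
        "removed": sorted(orig.keys() - suspect.keys()),
        "changed": sorted(n for n in orig.keys() & suspect.keys() if orig[n] != suspect[n]),
    }

def build_sample(files):
    """Constructed sample data: build a .tar.gz in memory from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    orig = build_sample({"pkg/README": b"hello\n", "pkg/main.c": b"return 0;\n"})
    franken = build_sample({"pkg/README": b"hello\n", "pkg/main.c": b"return 1;\n"})
    print(is_intact(franken), compare_archives(orig, franken))
```

For real files, pass the bytes read from each tarball (opened in binary mode) in place of the constructed samples.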