Need signature for patch

George Sinclair gsinclair@nodc.noaa.gov
Tue, 2 Jan 2001 10:58:09 -0500 (EST)


Hello,

I would like to upgrade my version of GNUPG from 1.0.2 to 1.0.4. In
perusing the gnupg page (http://www.gnupg.org/download.html), I see no
MD5 checksum or signature file for the 1.0.4 patch itself. Instead, there
is *only* one for "gnupg-1.0.3-1.0.4.diff.gz", but not one for
"gnupg-1.0.4.security-patch1.diff". I checked the ftp server as well -
nada. This seems odd.

Additionally, in accessing the page: http://www.gnupg.org/download.html,
I see the following:

  Please also install the following important patch:
  ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.security-patch1.diff 
  OpenPGP signature for this file. 

"signature" is apparently a link to:
 ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.tar.gz.sig

1. Shouldn't this instead be a link to the patch file's signature?
2. Where is the patch file's signature, anyway?
3. When I click on the link, I only see a few characters like this:

   ^?

   maybe a few more if accessing from a PC but just as ugly. It
   certainly doesn't look like a signature.

Where can I obtain a signature for the patch? If I have a signature
for the upgrade itself but no signature for the patch, I'm kinda
stuck!

Any help would be appreciated.

Thanks.

George Sinclair
gsinclair@nodc.noaa.gov

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org