md5sum for egd, gnupg
Wed Aug 13 20:34:02 2003
On Wednesday, August 13, 2003 1:33 PM [GMT-5=EST], Ross Druker
> I'm trying to verify the md5sum for egd. When I download the sum
> file from this page:
> I get the file:
> It displays as this:
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.1 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> -----END PGP SIGNATURE-----
> This does not match at all with what md5sum displays for the actual
> file, nor does the content even look right.
> I asked another user to try and he couldn't even display this in his
> browser. He had to download it. Then, when he tried to display it,
> it was binary.
> I get the same problem with the md5sum file for gnupg, but at least
> its sum is posted on another page, so I could use that.
> Anybody know what the problem is? I did notice that the gnupg file
> ends in .sig, which the egd file ends in .asc.
I /think/ the signature was linked to the wrong file. Both the FTP and
HTTP links grabbed <gnupg-1.2.2.tar.bz2.sig> when I first checked. A
few minutes later they grabbed <egd-0.8.tar.gz.asc>, which when
verified, gave this output:
Signature made 05/13/00 21:58:01 using DSA key ID 4B71C44E
Good signature from "expired (see http://www.lothar.com/warner-gpg.html
for my current key) <firstname.lastname@example.org>"
aka "Brian Warner (home) <email@example.com>"
Note: This key has expired!
Primary key fingerprint: FB31 2FCE 0978 3644 BEB4 9432 2E7C 8AA8 4B71
Time: 8/13/2003 2:31:07 PM (8/13/2003 6:31:07 PM UTC)
So, it appears that the linkage was grabbing the wrong files; and your
query prompted the webmaster to correct the linkage.