md5sum for egd, gnupg

Adam Pavelec
Wed Aug 13 20:34:02 2003

On Wednesday, August 13, 2003 1:33 PM [GMT-5=EST], Ross Druker
<> wrote:

> Hi,
> I'm trying to verify the md5sum for egd.  When I download the sum
> file from this page:
> I get the file:
> It displays as this:
> Version: GnuPG v1.0.1 (GNU/Linux)
> Comment: For info see
> iD8DBQA5HggpLnyKqEtxxE4RAoOkAJ9Bb5uHUWoQe4BQH1XPD9IoAsifyQCg5SGE
> KrAW9vlz+E8WYQcDp+gEC9w=
> =Wvmm
> This does not match at all with what md5sum displays for the actual
> file, nor does the content even look right.
> I asked another user to try and he couldn't even display this in his
>  browser. He had to download it.  Then, when he tried to display it,
> it was binary.
> I get the same problem with the md5sum file for gnupg, but at least
> its sum is posted on another page, so I could use that.
> Anybody know what the problem is?  I did notice that the gnupg file
> ends in .sig, which the egd file ends in .asc.
> Thanks,
> Ross

I /think/ the signature was linked to the wrong file.  Both the FTP and
HTTP links grabbed <gnupg-1.2.2.tar.bz2.sig> when I first checked.  A
few minutes later they grabbed <egd-0.8.tar.gz.asc>, which when
verified, gave this output:

Signature made 05/13/00 21:58:01  using DSA key ID 4B71C44E
Good signature from "expired (see
for my current key) <>"
                aka "Brian Warner (home) <>"
Note: This key has expired!
Primary key fingerprint: FB31 2FCE 0978 3644 BEB4  9432 2E7C 8AA8 4B71

File: egd-0.8.tar.gz.asc
Time: 8/13/2003 2:31:07 PM (8/13/2003 6:31:07 PM UTC)

So, it appears that the linkage was grabbing the wrong files; and your
query prompted the webmaster to correct the linkage.