Was www.gnupg.org compromised?
Mon May 12 21:19:03 2003
Content-Type: text/plain; charset=us-ascii
On Mon, May 12, 2003 at 02:12:49PM -0400, mike ledoux wrote:
> I've just tried to download GnuPG 1.2.2 sources to upgrade, and am
> having some problems. The bz2 link on the website claims to be
> 2.1MB, the copy I just downloaded was 4.5MB. Needless to say, the
> signature didn't verify. I also tried the gz link, which claimed a
> 3MB download, which actually came in at 6.4MB. Again, the signature
> didn't verify.
> Does anyone have any information about this?
The server lists the correct filesize. Try downloading it again.
You should have:
8f620b67dad86577cf77d7b43ba2ae43e204b5bc 2225034 /usr/ports/distfi=
827271d587e55035ee091b26404c8b41ac15d78f 65 /usr/ports/distfi=
But first try:
%truncate -s 2225034 gnupg-1.2.2.tar.bz2
in case something got appended to it.
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
firstname.lastname@example.org | web: http://jharris.cjb.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
-----END PGP SIGNATURE-----