Was www.gnupg.org compromised?
Jason Harris
jharris@widomaker.com
Mon May 12 21:19:03 2003
--2B/JsCI69OhZNC5r
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, May 12, 2003 at 02:12:49PM -0400, mike ledoux wrote:
=20
> I've just tried to download GnuPG 1.2.2 sources to upgrade, and am
> having some problems. The bz2 link on the website claims to be
> 2.1MB, the copy I just downloaded was 4.5MB. Needless to say, the
> signature didn't verify. I also tried the gz link, which claimed a
> 3MB download, which actually came in at 6.4MB. Again, the signature
> didn't verify.
>=20
> Does anyone have any information about this?
The server lists the correct filesize. Try downloading it again.
You should have:
%esha1sum $pd/gnupg-1.2.2.tar.bz2*
8f620b67dad86577cf77d7b43ba2ae43e204b5bc 2225034 /usr/ports/distfi=
les/gnupg-1.2.2.tar.bz2
827271d587e55035ee091b26404c8b41ac15d78f 65 /usr/ports/distfi=
les/gnupg-1.2.2.tar.bz2.sig
But first try:
%truncate -s 2225034 gnupg-1.2.2.tar.bz2
in case something got appended to it.
--=20
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/
--2B/JsCI69OhZNC5r
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE+v/P/SypIl9OdoOMRApUNAJ9F+NEI2lm77fLdBdAALqaqAIWz2ACfX4z3
qLmKTjJB2GDlS4wxyz0S1ys=
=hqMM
-----END PGP SIGNATURE-----
--2B/JsCI69OhZNC5r--