Was www.gnupg.org compromised?

Charly Avital shavital@netbox.com
Mon May 12 21:38:03 2003

At 2:12 PM -0400 5/12/03, mike ledoux wrote:
>Hash: SHA1
>I've just tried to download GnuPG 1.2.2 sources to upgrade, and am
>having some problems.  The bz2 link on the website claims to be
>2.1MB, the copy I just downloaded was 4.5MB.  Needless to say, the
>signature didn't verify.  I also tried the gz link, which claimed a
>3MB download, which actually came in at 6.4MB.  Again, the signature
>didn't verify.
>Does anyone have any information about this?

Just tried the bz2 link, for file and signature.
File is 2.1 MB, signature verifies 'Good signature from Werner Koch...etc.'