Was www.gnupg.org compromised?
Charly Avital
shavital@netbox.com
Mon May 12 21:38:03 2003
At 2:12 PM -0400 5/12/03, mike ledoux wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I've just tried to download GnuPG 1.2.2 sources to upgrade, and am
>having some problems. The bz2 link on the website claims to be
>2.1MB, the copy I just downloaded was 4.5MB. Needless to say, the
>signature didn't verify. I also tried the gz link, which claimed a
>3MB download, which actually came in at 6.4MB. Again, the signature
>didn't verify.
>
>Does anyone have any information about this?
Just tried the bz2 link, for file and signature.
File is 2.1 MB, signature verifies 'Good signature from Werner Koch...etc.'
Charly