unable to find Sha1 checksums/ package announcements

Dd Ll dlx9pekuv at gmail.com
Mon Aug 29 09:46:11 CEST 2016


         I have been trying to follow the advice given on your
integrity web page below:


 "Comparing Checksums

 If you are not able to use an old version of GnuPG,
 you can still verfiy the file's SHA-1 checksum.  This
 is less secure, because if someone modified the files
 as they were transferred to you, it would not be much
 more effort to modify the checksums that you see on
 this webpage.  As such, if you use this method, you
 should compare the checksums with those in release
 announcement.  This is sent to the gnupg-announce
 mailing list (among others), which is widely mirrored.
 Don't use the mailing list archive on this website, but
 find the announcement on several other websites and
 make sure the checksum is consistent.  This makes it
 more difficult for an attacker to trick you into installing
 a modified version of the software."

I have been trying to verify the checksums posted at
the above listed web site by checking for the announce
messages in the gnupg-announce mailing list.

Unfortunately there doesn't seem to be any anouncements
for the following tarballs:


I am checking for the checksums at the web archive https://marc.info/.
I have done a google search and can't seem to find any other site
that archives messages from gnupg-announce.

Have you stopped releasing announcements for certain tarballs or
am I missing something?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160829/55aa8038/attachment.html>

More information about the Gnupg-users mailing list