[Announce] GnuPG 2.1.17 released
Werner Koch
wk at gnupg.org
Tue Dec 20 19:24:42 CET 2016
On Tue, 20 Dec 2016 13:46, cmt at burggraben.net said:
> I believe there's something wrong with the signature of the latest
> release.
Sorry, my fault. To create the signature I use
gpg -sbvu SIGNINGKEY gnupg-2.1.17.tar.bz2
Today I forgot the -b and thus a non-detached signature was created
(suffix .gpg). After realizing that I fixed that but probably I did
gpg -sbvu SIGNINGKEY gnupg-2.1.17.tar.bz2.gpg
which is obviously wrong. Then I copied gnupg-2.1.17.tar.bz2{,.sig} to
the final locations. The end result is that the detached signature was
over a binary signed tarball and not over the plain tarball. I can't
prove that anymore because I deleted the .gpg files before I noticed
that the signature were wrong.
Before you ask: Yes, I should add a make target for signing. Actually I
did this for the Windows installer's yesterday.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: </pipermail/attachments/20161220/afb9a572/attachment.sig>
More information about the Gnupg-users
mailing list