BAD signatures for GnuPG Stable

Robert J. Hansen rjh at
Thu Jan 28 06:56:31 CET 2016

> Could this be some kind of man-in-the-middle attack? I don't recall
> having seen a signature fail like this before.

MitM is theoretically possible, but unlikely: an attacker would have to
be both technically sophisticated and profoundly stupid.  It's far more
likely there's an innocuous explanation.

The MD5 and SHA256 digests of it are:


I just downloaded it and was able to verify Werner's signature.

More information about the Gnupg-users mailing list