A new version of the GNU Autoconf Archive is available for download. Here are the compressed sources and a GPG detached signature:
https://ftpmirror.gnu.org/autoconf-archive/autoconf-archive-2023.02.20.tar.xz https://ftpmirror.gnu.org/autoconf-archive/autoconf-archive-2023.02.20.tar.xz.sig Use a mirror for higher download bandwidth: https://www.gnu.org/order/ftp.html Here are the SHA1 and SHA256 checksums: e26d15db0f1ec60e9ea8ff024cf3ee895fa2eabd autoconf-archive-2023.02.20.tar.xz cdQEhHmuKPH1eUYZw9ct+cAd9JscYo74X943WW3DGjM autoconf-archive-2023.02.20.tar.xz The SHA256 checksum is base64 encoded, instead of the hexadecimal encoding that most checksum tools default to. Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify autoconf-archive-2023.02.20.tar.xz.sig The signature should match the fingerprint of the following key: pub rsa2048 2003-12-16 [SC] 1A4F 63A1 3A46 49B6 32F6 5EE1 41BC 28FE 9908 9D72 uid Peter Simons <sim...@cryp.to> If that command fails because you don't have the required public key, or that public key has expired, try the following commands to retrieve or refresh it, and then rerun the 'gpg --verify' command. gpg --locate-external-key sim...@cryp.to gpg --recv-keys 99089D72 wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=autoconf-archive&download=1' | gpg --import - As a last resort to find the key, you can try the official GNU keyring: wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg gpg --keyring gnu-keyring.gpg --verify autoconf-archive-2023.02.20.tar.xz.sig
signature.asc
Description: PGP signature