* Message by -Raymond Toy- from Sun 2010-03-14: > > Now you know that I'm the only user that cares about signatures. :-) > > > Well, if we didn't care, we wouldn't have signed them. :-) But it's my > fault for not copying my keys to another machine.
I meant only users, not developers. Of course you care. But these tarballs have been online for months and obviously I am the first user to notice that their signatures cannot be verified. > What method did you use to compute the checksums? I downloaded > cmucl-src-20a.tar.bz2 and the md5 sum is > e3e1daa3631d38ed3c3e7601d798aba1. I use SHA1. The MD5 sum is the same as for the file I've got here. > If you don't necessarily need the 20a release, could you try the 2010-03 > (or 02) snapshot? I have master copies of those binaries. Yes, I can try the snapshot. I did so yesterday night, but could also not download one of the keys used to sign them. Today it works. I've got the files (SHA1 again): da85bd1b4390a913075c9213e6ac237b40496de1 cmucl-2010-03-sparcv9-solaris10.tar.bz2 3bdc7debb828b3bcf4639976e6de72ece85d6437 cmucl-2010-03-x86-linux.tar.bz2 71ee45f7ae248ec1aa9e387f1f9cf2ef7022719c cmucl-src-2010-03.tar.bz2 They have good signatures made with keys 1D48 9A97 8199 21A0 97EE 297D 2792 2352 6819 3BB2 and 0EF5 0ED5 5514 BFF6 B72B 9DAC 06CE 3819 086C 750B respectively. -- Attached file included as plaintext by Listar -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQIcBAEBAgAGBQJLnTqFAAoJEFYll6N4nhdv1QwP/iWGybnqUh4HN2LK/HZBmHZI GvVmgfDfTVoCdflbyQWrJ3+fMIWKY/df6I1t3IMg5gbZq/aPPMrflxvdcrgi+sf3 dygP+RixgfVbAI1JgasNDd0GleG4rADoI0ZWDwTowHkE5EfQcUVNAMS2ZLeRs2YC Y4ZzaI6P0drkG6FD0cjmiZMZ2q7BMbhbYotEFjdko/NpGMcWLORe40uSWIWgAxJy WWSF9v9btlCPeO4HGd79i6AqezuxSu1hLGspP0XU0pE9ahuZDE7tBh0q4hSbITkB FOMDC66aQ71IOE69f45DhL/3ymcYVqbG/IsrhyAWb0ec3iRluUg3KNcE4rciEeXo WBXXuKnpBPY54gmuv3Vnn/9GRsY7a7PIKk2r0FmHylwGTv3MuTP/wA3GD5cVdmTK /1AASCYgHTdHsOfiit2ahx8WyQPy3c1wd/DYZ0qI0zK4wd7YOEVMTedn6/0uPvz/ 2l6IiRbOGcATXIHtfNPjnZ9qPOonEwr4AYD1seFGKs8mTXqO2jwf4IqQv/5zKVCE ZYPilU5nFuAf8xLjn5q4oJM+ZRkGmIzVPAd65qCitL3WHNaZ1pCA73n8Vkyz2NZ/ vYgbItxEoqvhDfVywCru7PsXww/jFbCZkCgdmY0fH/O49nSBaij+B20HvvnrceU7 1rE/M8bnN0Ot6JgybZRG =8RMF -----END PGP SIGNATURE-----
