The rules files are signed so sa-update can verify it. Regards, KAM
On April 17, 2015 2:19:44 PM EDT, Mark Martinec <[email protected]> wrote: >> This passes all the tests including the xt tests from the build >> instructions and I believe covers all the issues tagged for 3.4.1 in >> bugzilla. >> >> I believe we are ready for 3.4.1 pending testing this release >> candidate. > >+1 looks good to me. > > >> Downloads are available from: >> http://people.apache.org/~kmcgrail/devel/ >> a5e4a3f174cc5ed8b18077f9a6ca0c47 >> Mail-SpamAssassin-rules-3.4.1-rc2.r1670273.tgz > >> GPG Verification Procedure >> The release files also have a .asc accompanying them. The file >serves >> as an external GPG signature for the given release file. The signing >> key is available via the wwwkeys.pgp.net key server, as well as >> http://www.apache.org/dist/spamassassin/KEYS >> >> The key information is: >> pub 4096R/F7D39814 2009-12-02 > >The rules file is signed with a different key, is this ok? > > $ gpg ./Mail-SpamAssassin-rules-3.4.1-rc2.r1670273.tgz.asc > gpg: WARNING: using insecure memory! > gpg: please see http://www.gnupg.org/documentation/faqs.html for more >information > gpg: assuming signed data in >`./Mail-SpamAssassin-rules-3.4.1-rc2.r1670273.tgz' > gpg: Signature made Wed Apr 1 04:39:47 2015 CEST using RSA key ID >24F434CE > gpg: Good signature from "updates.spamassassin.org Signing Key ><[email protected]>" > > >> To verify a release file, download the file with the accompanying >.asc >> file and run the following commands: >> gpg -v --keyserver wwwkeys.pgp.net --recv-key F7D39814 > >gpg -v --keyserver wwwkeys.pgp.net --recv-key F7D39814 >gpg: Invalid option "-v" > > >(the '-v' should have been a '--verbose' or left out, I suppose) > > Mark
