On Monday 10 June 2013 20:16:50 Jason Englander wrote:
> Is it just me? 0.5.2 verifies OK, but 0.5.3 and 0.5.4 do not.
>
>
> $ gpg --verify libssh-0.5.2.tar.gz.asc
> gpg: Signature made Fri 16 Sep 2011 04:00:38 PM EDT using DSA key ID
> F33E3FC6
> gpg: Good signature from "Andreas Schneider <[email protected]>"
> gpg: aka "Andreas Schneider <[email protected]>"
> gpg: aka "Andreas Schneider <[email protected]>"
> gpg: aka "Andreas 'GlaDiaC' Schneider <[email protected]>"
> gpg: aka "Andreas Schneider (Packman)
> <[email protected]>"
> gpg: aka "Andreas 'GlaDiaC' Schneider
> <[email protected]>"
> gpg: aka "Andreas 'GlaDiaC' Schneider (linux-gamers.net
> key) <[email protected]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: E707 38FE FDB2 95F2 20F3 B73D 7FDE 3E8F F33E
> 3FC6
>
>
> $ gpg --verify libssh-0.5.3.tar.asc libssh-0.5.3.tar.gz
> gpg: Signature made Tue 20 Nov 2012 06:43:41 AM EST using DSA key ID
> F33E3FC6
> gpg: BAD signature from "Andreas Schneider <[email protected]>"
The file name is libssh-0.5.3.tar.asc so you have to verify libssh-0.5.3.tar
which means you need to unzip the gzip file ...
-- andreas
--
Andreas Schneider GPG-ID: F33E3FC6
www.cryptomilk.org [email protected]
