I seem to be having some trouble checking the sigs on postfix-3.3-20170613.tar.gz.
$ gpg --verify postfix-3.2.2.tar.gz.gpg1 postfix-3.3-20170613.tar.gz gpg: Signature made 2017-06-13T13:35:00 PDT using RSA key ID C12BCD99 gpg: Note: signatures using the MD5 algorithm are rejected gpg: Can't check signature: bad public key Oops, try again: $ gpg --allow-weak-digest-algos --verify postfix-3.2.2.tar.gz.gpg1 postfix-3.3-20170613.tar.gz gpg: Signature made 2017-06-13T13:35:00 PDT using RSA key ID C12BCD99 gpg: WARNING: digest algorithm MD5 is deprecated gpg: please see https://gnupg.org/faq/weak-digest-algos.html for more information gpg: BAD signature from "Wietse Venema <wie...@porcupine.org>" Hmm, try again: $ gpg2 --verify postfix-3.2.2.tar.gz.gpg2 postfix-3.3-20170613.tar.gz gpg: Signature made 2017-06-13T13:35:11 PDT using DSA key ID 0C0B590E80CA15A7 gpg: BAD signature from "Wietse Venema <wie...@porcupine.org>" [unknown] What am I missing?
signature.asc
Description: OpenPGP digital signature
