On Tue, Jul 11, 2017, Gene Hightower wrote: > $ gpg --allow-weak-digest-algos --verify postfix-3.2.2.tar.gz.gpg1 > postfix-3.3-20170613.tar.gz
> gpg: BAD signature from "Wietse Venema <wie...@porcupine.org>" Did you use some "web browser" to download the files? If so, that "helpful" software might have unpacked the file without renaming it... $ file postfix-3.2.2.tar.gz* postfix-3.2.2.tar.gz: gzip compressed data, from Unix, last modified: Tue Jun 13 13:34:51 2017, max compression postfix-3.2.2.tar.gz.gpg1: PGP signature $ gpg --verify postfix-3.2.2.tar.gz.gpg1 postfix-3.2.2.tar.gz gpg: Signature made Tue Jun 13 13:35:00 2017 PDT using RSA key ID C12BCD99 gpg: Good signature from "Wietse Venema <wie...@porcupine.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB Use something like fetch (FreeBSD), ftp (OpenBSD), wget (others...) to download software packages.
