On 2017-07-11 20:31, Claus Assmann wrote: > Use something like fetch (FreeBSD), ftp (OpenBSD), wget (others...) > to download software packages.
Yeah, I've been using wget. It's all good now, was 100% operator error. $ gpg --allow-weak-digest-algos --verify postfix-3.3-20170613.tar.gz.gpg1 postfix-3.3-20170613.tar.gz gpg: Signature made 2017-06-13T09:03:18 PDT using RSA key ID C12BCD99 gpg: WARNING: digest algorithm MD5 is deprecated gpg: please see https://gnupg.org/faq/weak-digest-algos.html for more information gpg: Good signature from "Wietse Venema <wie...@porcupine.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB $ gpg2 --verify postfix-3.3-20170613.tar.gz.gpg2 postfix-3.3-20170613.tar.gz gpg: Signature made 2017-06-13T09:03:31 PDT using DSA key ID 0C0B590E80CA15A7 gpg: Good signature from "Wietse Venema <wie...@porcupine.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 622C 7C01 2254 C186 6774 69C5 0C0B 590E 80CA 15A7 $ file postfix-3.3-20170613.* postfix-3.3-20170613.tar.gz: gzip compressed data, last modified: Tue Jun 13 16:03:08 2017, max compression, from Unix postfix-3.3-20170613.tar.gz.gpg1: PGP signature Signature (old) postfix-3.3-20170613.tar.gz.gpg2: PGP signature Signature (old) postfix-3.3-20170613.tar.gz.sig: data Thanks for your attention.
signature.asc
Description: OpenPGP digital signature
