Thanks for the response.
I'm new to this business of verifying files and I read somewhere recently that it is not safe to use a .md5 file from the same server from which I get the distribution file. The reason given was that the .md5 file may also have been hacked along with the distribution file. That's why I was going the .asc route.
Peter -
On Oct 12, 2004, at 9:14 PM, Jacob Kjome wrote:
It verifies just fine against the .md5 file using Ant's <checksum> task.
Jake
At 07:24 PM 10/12/2004 -0700, you wrote: >The following files were downloaded from the Apache Jakarta Site: > >jakarta-tomcat-5.0.28.tar.gz >jakarta-tomcat-5.0.28.tar.gz.asc >jakarta-tomcat-5.0.28.tar.gz.md5 > >Attempted to verify the distribution before installing it: > >$ gpg --verify jakarta-tomcat-5.0.28.tar.gz.asc >jakarta-tomcat-5.0.28.tar.gz >gpg: Signature made Sat Aug 28 18:02:16 2004 PDT using DSA key ID >7C037D42 >gpg: Can't check signature: public key not found > >$ gpg --keyserver pgpkeys.mit.edu --recv-keys 7C037D42 >gpg: no valid OpenPGP data found. >gpg: Total number processed: 0 > >$ >. >. >. > >I have tried numerous keyservers with the same result. What am I doing >wrong? > >Peter - > >
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
