On 21.08.20 19:14, Geoff Kaniuk wrote: > The report from several posts on stack exchange for gpg verification > seem to suggest that first time round things do fail. > > I have now run: > ~$ gpg --verify geany-1.36.tar.gz.sig geany-1.36.tar.gz > gpg: Signature made Sat 28 Sep 2019 13:50:49 BST > gpg: using RSA key ACA0246889FB96B63382111724CCD8550E5D1CAE > gpg: Good signature from "Colomban Wendling <b...@ban.netlib.re>" [expired] > gpg: aka "Colomban Wendling <b...@herbesfolles.org>" > [expired] > gpg: aka "Colomban Wendling > <lists....@herbesfolles.org>" [expired] > gpg: Note: This key has expired! > Primary key fingerprint: ACA0 2468 89FB 96B6 3382 1117 24CC D855 0E5D 1CAE > ~$ echo $? > 0 > > Given that I have received a "Good Signature" message and a return code > of zero, I guess the file is perfect?
Yepp. Only it was done with a key that is not valid anymore. It's up to you whether you still trust it or not. > The md5sum for the plugins also checks out OK. We should ban md5 to somewhere far far far away :D .f _______________________________________________ Users mailing list Users@lists.geany.org https://lists.geany.org/cgi-bin/mailman/listinfo/users