*** WARNING ***
I'm going to start an exchange to try to determine whether Mike has the correct bits and why he can't verify the signature. It should be noted that this entire exchange is occuring over unprotected email, and so it is a bad idea to rely on statements made by either of us like "it works for me" or "the file has SHA-1 checksum XYZ" or "here is the file".
The _only_ way to ensure you have an unmodified copy of the patch is to verify the PGP signature, using a known-good copy of the developer's PGP key.
Now, on to business...
On Wednesday, September 01, 2004 08:19:33 -0700 Mike Friedman <[EMAIL PROTECTED]> wrote:
2004-002-patch_1.2.7.txt ========================
http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt
The associated detached PGP signature is at:
http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt.asc
I find that the PGP signature doesn't verify. Is anyone else having this problem?
Nope. I fetched the patch and the corresponding detached signature, and had no problems verifying the signature. You haven't said what tools you're using or what the error was, so let's start by considering the possibility that the bits you have don't match the ones Tom signed...
The correct patch is 6441 bytes and 247 lines. It has UNIX-style newlines; perhaps that is the problem. Can you send me a hash?
-- Jeff ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
