Hi Christian, all
Christian Lohmaier-2 wrote >> However when I created a SHA1 (using GPG4Win) of a newly downloaded >> installer (which works correctly) it doesn't match the corrupted file (as >> expected, obviously) > > Is strange. Maybe you downloaded one file, and verified the other? Or > the file was truncated/damaged after you did verify it. I created a SHA1 file of the second installer (which is working) and used that SHA1 file to check the integrity of the corrupted installer. The checksum failed, obviously. Christian Lohmaier-2 wrote > The gpg signature does both verify the integrity as well as the origin > of the file. > > My guess is that you misinterpreted whatever message gpg did print > when verifying. (Like reporting the meaning - "Sorry, the file is a > signature with the key AFEEAEA3, but I don't know the public key, so I > cannot check whether the signature is correct") > > Verifying a signature also includes verifying the file's > contents/checksum. No different thatn SHA1. > > So I hope you still have both copies of the file and can carefully > compare the gpg outputs of both. Yes, I have both copies and checking with GPG4Win reports the same for both installers <http://nabble.documentfoundation.org/file/n4074791/GPGcheck.png> Maybe GPG4Win is not the right tool? Pedro -- View this message in context: http://nabble.documentfoundation.org/Libreoffice-qa-ANN-LibreOffice-4-1-2-RC2-test-builds-available-tp4074723p4074791.html Sent from the QA mailing list archive at Nabble.com. _______________________________________________ List Name: Libreoffice-qa mailing list Mail address: Libreoffice-qa@lists.freedesktop.org Change settings: http://lists.freedesktop.org/mailman/listinfo/libreoffice-qa Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://lists.freedesktop.org/archives/libreoffice-qa/