I somehow uploaded the correct sum.sig but an older version of the tarball, let's pretend I did this to ensure someone made a verify test ;-)
Anyways... the tarball has been reuploaded: $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.5.0rc1.sum.sig Signature Verified opensmtpd-7.5.0rc1.tar.gz: OK $ March 8, 2024 10:17 PM, "Richard Narron" <rich...@aaazen.com> wrote: > On Fri, 8 Mar 2024, Omar Polo wrote: > > ... > >> Tarballs are available on the official mirror or on GitHub: >> >> https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.tar.gz >> https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/7.5.0rc1 >> >> Verify the tarball with signify(1) and the usual public key: >> >> https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.sum.sig >> https://opensmtpd.org/archives/opensmtpd-20181026.pub > > I get an error trying to validate the sha256 checksum: > > $ sha256sum -c opensmtpd-7.5.0rc1.sum > opensmtpd-7.5.0rc1.tar.gz: FAILED > sha256sum: WARNING: 1 computed checksum did NOT match > > Regards, > Richard Narron