Solved! It WAS a bad download. I downloaded both the tarball and the .sig file and got the following:
gpg: Signature made Wed Aug 1 15:14:44 2012 PDT using RSA key ID C12BCD99 gpg: Good signature from "Wietse Venema <wie...@porcupine.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB Bastian: What do you mean, "You want to generate yourself a key in the more modern v4 version, which is available since at least 1998, regardless if it is a RSA or DSA key." Are you suggesting *I* generate a key or Wietse should generate a new key and sign the tarballs with? Ed