[Geany-Users] VerifyingDownloadedGeanyAndPlugins
Frank Lanitz
frank at xxxxx
Fri Aug 21 20:48:10 UTC 2020
On 21.08.20 19:14, Geoff Kaniuk wrote:
> The report from several posts on stack exchange for gpg verification
> seem to suggest that first time round things do fail.
>
> I have now run:
> ~$ gpg --verify geany-1.36.tar.gz.sig geany-1.36.tar.gz
> gpg: Signature made Sat 28 Sep 2019 13:50:49 BST
> gpg: using RSA key ACA0246889FB96B63382111724CCD8550E5D1CAE
> gpg: Good signature from "Colomban Wendling <ban at ban.netlib.re>" [expired]
> gpg: aka "Colomban Wendling <ban at herbesfolles.org>"
> [expired]
> gpg: aka "Colomban Wendling
> <lists.ban at herbesfolles.org>" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: ACA0 2468 89FB 96B6 3382 1117 24CC D855 0E5D 1CAE
> ~$ echo $?
> 0
>
> Given that I have received a "Good Signature" message and a return code
> of zero, I guess the file is perfect?
Yepp. Only it was done with a key that is not valid anymore. It's up to
you whether you still trust it or not.
> The md5sum for the plugins also checks out OK.
We should ban md5 to somewhere far far far away :D
.f
More information about the Users
mailing list