The report from several posts on stack exchange for gpg verification seem to suggest that first time round things do fail.
I have now run: ~$ gpg --verify geany-1.36.tar.gz.sig geany-1.36.tar.gz gpg: Signature made Sat 28 Sep 2019 13:50:49 BST gpg: using RSA key ACA0246889FB96B63382111724CCD8550E5D1CAE gpg: Good signature from "Colomban Wendling ban@ban.netlib.re" [expired] gpg: aka "Colomban Wendling ban@herbesfolles.org" [expired] gpg: aka "Colomban Wendling lists.ban@herbesfolles.org" [expired] gpg: Note: This key has expired! Primary key fingerprint: ACA0 2468 89FB 96B6 3382 1117 24CC D855 0E5D 1CAE ~$ echo $? 0
Given that I have received a "Good Signature" message and a return code of zero, I guess the file is perfect?
The md5sum for the plugins also checks out OK.
Geoff
33 Ashbury Close, Cambridge CB1 3RW 01223 710582
On 21/08/2020 14:44, Geoff Kaniuk wrote: