tahoe 1.16.0

jg71 jg71 at p8d.org
Sat Oct 23 07:25:46 UTC 2021


* Chad Dougherty <crd at acm.org> wrote:

> There appear to be some problems with the signature on the new release
> tarball:
> $ gpg tahoe-lafs-1.16.0.tar.gz.asc
> gpg: assuming signed data in `tahoe-lafs-1.16.0.tar.gz'
> gpg: Signature made Tue Oct 19 19:38:15 2021 EDT using RSA key ID 128069A7
> gpg: BAD signature from "meejah <meejah at meejah.ca>"

cannot reproduce:

$ gpg2 tahoe-lafs-1.16.0.tar.gz.asc 
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: assuming signed data in 'tahoe-lafs-1.16.0.tar.gz'
gpg: Signature made Wed 20 Oct 2021 01:38:15 AM CEST
gpg:                using RSA key 9D5A2BD5688ECB889DEBCD3FC2602803128069A7
gpg: Good signature from "meejah <meejah at meejah.ca>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9D5A 2BD5 688E CB88 9DEB  CD3F C260 2803 1280 69A7


> $ sha256sum tahoe-lafs-1.16.0.tar.gz
> 81fb7ae0afe312108dcb150d2b8619b8f6ce81a3f5c1b9d5194e162addbc9f08
> *tahoe-lafs-1.16.0.tar.gz

$ sha256sum tahoe-lafs-1.16.0.tar.gz
0b1e05269b698dcae6b60c7bfa11f10f4e3aa07a681242a66d294aa4b7513525


> $ gpg -kvv meejah
> gpg: using PGP trust model
> gpg: can't handle public key algorithm 22
> pub   2048R/128069A7 2012-02-14
> uid                  meejah <meejah at meejah.ca>
> sig 3        128069A7 2012-02-14  meejah <meejah at meejah.ca>
> sig          4607B1FB 2016-10-04  [User ID not found]
> sig 2   P    863B95F7 2016-10-13  [User ID not found]
> sub   2048R/91939490 2012-02-14
> sig          128069A7 2012-02-14  meejah <meejah at meejah.ca>

$ gpg2 -kvv meejah
gpg: using pgp trust model
pub   rsa2048 2012-02-14 [SC]
      9D5A2BD5688ECB889DEBCD3FC2602803128069A7
uid           [ unknown] meejah <meejah at meejah.ca>
sub   rsa2048 2012-02-14 [E]


> $ gpg --finger meejah
> pub   2048R/128069A7 2012-02-14
>       Key fingerprint = 9D5A 2BD5 688E CB88 9DEB  CD3F C260 2803 1280 69A7
> uid                  meejah <meejah at meejah.ca>
> sub   2048R/91939490 2012-02-14

$ gpg2 --finger meejah
pub   rsa2048 2012-02-14 [SC]
      9D5A 2BD5 688E CB88 9DEB  CD3F C260 2803 1280 69A7
uid           [ unknown] meejah <meejah at meejah.ca>
sub   rsa2048 2012-02-14 [E]


$ gpg2 --version
gpg (GnuPG) 2.2.32
libgcrypt 1.9.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/tahoe2/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


-- jg71


More information about the tahoe-dev mailing list