verifying bind-9.10.0 download

mm half mm_half3 at yahoo.com
Mon May 5 17:54:43 UTC 2014



Thanks Evan.  Corrupted downloads.  Had to change the default gateway to get a valid source download. 

On Friday, May 2, 2014 9:07 PM, Evan Hunt <each at isc.org> wrote:
 
On Fri, May 02, 2014 at 05:50:45PM -0700, mm half wrote:
> I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in the pgpkey2013.txt located at:   https://www.isc.org/downloads/software-support-policy/openpgp-key/ , and can't seem to get any of the signature files to pass the verify test using gpg :
> 
> 
> gpg --verify bind-9.10.0.tar.gz.asc bind-9.10.0.tar.gz
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Tue Apr 29 16:12:28 2014 EDT using RSA key ID 189CDBC5
> gpg: BAD signature from "Internet Systems Consortium, Inc. (Signing key, 2013) <codesign at isc.org>"

Works fine for me.  Check the fingerprint on the tarball, it should be:

SHA256(bind-9.10.0.tar.gz)=
acc2f5cc58c121f927e02c23e7e3e2e4876139eaac4a9df71800d4a38917c887

-- 
Evan Hunt -- each at isc.org

Internet Systems Consortium, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140505/45d9c3ad/attachment.html>


More information about the bind-users mailing list