lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 5 Aug 2020 20:59:24 -0400
From:   David Niklas <>
To:     Greg Kroah-Hartman <>
Cc:     LKML <>
Subject: Is anyone else getting a bad signature from's 5.8
 sources+Greg's sign?

I downloaded the kernel sources from using curl, then
opera, and finally lynx (to rule out an html parsing bug). I did the same
with the sign and I keep getting:

%  gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz
gpg: Signature made Mon Aug  3 00:19:13 2020 EDT
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: BAD signature from "Greg Kroah-Hartman
<>" [unknown]

I did refresh all the keys just in case.
I believe this is important so I'm addressing this to the signer and only
CC'ing the list.

If I'm made some simple mistake, feel free to send SIG666 to my terminal.
I did re-read the man page just in case.


Powered by blists - more mailing lists