lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 6 Aug 2020 07:24:23 +0530
From:   Bhaskar Chowdhury <>
To:     David Niklas <>
Cc:     Greg Kroah-Hartman <>,
        LKML <>,
        Randy Dunlap <>
Subject: Re:Use the script already there.. Is anyone else getting a bad
 signature from's 5.8 sources+Greg's sign?

On 20:59 Wed 05 Aug 2020, David Niklas wrote:
>I downloaded the kernel sources from using curl, then
>opera, and finally lynx (to rule out an html parsing bug). I did the same
>with the sign and I keep getting:
>%  gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz
>gpg: Signature made Mon Aug  3 00:19:13 2020 EDT
>gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
>gpg: BAD signature from "Greg Kroah-Hartman
><>" [unknown]
>I did refresh all the keys just in case.
>I believe this is important so I'm addressing this to the signer and only
>CC'ing the list.
>If I'm made some simple mistake, feel free to send SIG666 to my terminal.
>I did re-read the man page just in case.

You should be using this script to download and verify kernel from there for a reason , please use it...which take away
all the manual labor ..

Here is pointer to get the script :


Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists