GPG signature incorrect for Vivid's SHA1SUMS
Adam Conrad
adconrad at ubuntu.com
Mon Aug 17 21:42:02 UTC 2015
On Mon, Aug 17, 2015 at 10:23:03PM +0100, Aliz 'Randomdude' wrote:
>
> I'm unable to validate the gpg signature located at
> http://releases.ubuntu.com/vivid/SHA1SUMS.gpg correctly, though I can
> validate SHA256SUMS and MD5SUMS files.
>
> user at box:~$ gpg --verify SHA1SUMS.gpg SHA1SUMS
> gpg: Signature made Mon 03 Aug 2015 05:52:38 PM BST using DSA key ID FBB75451
> gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key
> <cdimage at ubuntu.com>"
>
> Other files verify correctly.
You're not wrong, it's like this on the master copy as well. I wonder
how that came to be. Might have been a bit flip or something. I've
regenerated the sigs and pushed them again.
... Adam
More information about the Ubuntu-release
mailing list