verifying bind-9.10.0 download

Evan Hunt each at isc.org
Sat May 3 01:07:57 UTC 2014


On Fri, May 02, 2014 at 05:50:45PM -0700, mm half wrote:
> I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in the pgpkey2013.txt located at:   https://www.isc.org/downloads/software-support-policy/openpgp-key/ , and can't seem to get any of the signature files to pass the verify test using gpg :
> 
> 
> gpg --verify bind-9.10.0.tar.gz.asc bind-9.10.0.tar.gz
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Tue Apr 29 16:12:28 2014 EDT using RSA key ID 189CDBC5
> gpg: BAD signature from "Internet Systems Consortium, Inc. (Signing key, 2013) <codesign at isc.org>"

Works fine for me.  Check the fingerprint on the tarball, it should be:

SHA256(bind-9.10.0.tar.gz)=
acc2f5cc58c121f927e02c23e7e3e2e4876139eaac4a9df71800d4a38917c887

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.


More information about the bind-users mailing list