https://issues.apache.org/bugzilla/show_bug.cgi?id=57103
--- Comment #2 from Sebb <s...@apache.org> --- (In reply to Konstantin Kolinko from comment #1) > The HTTPD page does it wrong. > > The following command is seriously broken: > % gpg --verify httpd-2.2.0.tar.gz.asc It works for me - see below. > It must be > % gpg --verify httpd-2.2.0.tar.gz.asc httpd-2.2.0.tar.gz That works too. > per > http://blog.terryburton.co.uk/2006/11/falling-into-trap-with-gpg.html That page no longer exists. > https://www.gnupg.org/gph/en/manual/x135.html That page does mention both the sig and the input file. However I have found that gpg verify works fine with just the .sig or .asc file. GPG looks for a file with the .asc/.sig removed and uses that if it is found; if not it reports: gpg: no signed data gpg: can't hash datafile: No data > It makes little sense for each project to maintain a "how to verify PGP" > page. There is an ASF-wide one, > http://www.apache.org/info/verification.html Indeed. The ASF one probably appeared after the httpd one. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
