On Sun, Oct 11, 2015 at 07:59:40PM -0400, Wietse Venema wrote:
> Postfix stable release 3.0.3 is available, as well as legacy releases
> 2.11.7, 2.10.9, and 2.9.15.
The source tarball is missing for 2.9.15.
For the other releases I am getting an "invalid armor header"
warning with the new gpg1 and gpg2 signatures:
$ gpg --verify postfix-3.0.3.tar.gz.gpg1 postfix-3.0.3.tar.gz
gpg: invalid armor header:
iQEVAwUAVhmCJQcvYPDBK82ZAQp4KAf/WHG55JAeskr9bxVCgOYUZBtpahgECdHi\n
gpg: Signature made Sat Oct 10 17:24:53 2015 EDT using RSA key ID C12BCD99
gpg: Good signature from "Wietse Venema <wie...@porcupine.org>"
$ gpg --verify postfix-3.0.3.tar.gz.gpg2 postfix-3.0.3.tar.gz
gpg: invalid armor header:
iFcDBQBWGYIwDAtZDoDKFacRCgpHAQCBJnD2fFNYNJNDxhFbQ3X62DUix2dzKCa4\n
gpg: Signature made Sat Oct 10 17:25:04 2015 EDT using DSA key ID 80CA15A7
gpg: Good signature from "Wietse Venema <wie...@porcupine.org>"
but not with the legacy MD5 signature:
$ gpg --verify postfix-3.0.3.tar.gz.sig postfix-3.0.3.tar.gz
gpg: Signature made Sat Oct 10 17:24:53 2015 EDT using RSA key ID C12BCD99
gpg: WARNING: digest algorithm MD5 is deprecated
gpg: please see https://gnupg.org/faq/weak-digest-algos.html for more
information
gpg: Good signature from "Wietse Venema <wie...@porcupine.org>"
Any word on what the new keys are about?
--
Viktor.
