Stable: 2.5.2
Development: 2.6-alpha3
Download
This despite the fact that the MD5 hashes match those given on moc's website, both for the signature and the source tarball. I have gpg version 1.4.22, while the signature was made with 1.4.10, but that shouldn't be a problem.
jcf
Wed, 2018-03-07 19:29
Permalink
According to the MOC README:
... verify the tarball thusly: xzcat moc-2.6-alpha3.tar.xz | gpg --verify moc-2.6-alpha3.tar.asc - The signature file (*.asc) was made against the uncompressed tarball, ...
... verify the tarball thusly:
xzcat moc-2.6-alpha3.tar.xz | gpg --verify moc-2.6-alpha3.tar.asc -
The signature file (*.asc) was made against the uncompressed tarball, ...
But you were right to verify it and not proceed further if you didn't get a good result.
jcf
Wed, 2018-03-07 19:29
Permalink
You Were Right To Raise A Red Flag
According to the MOC README:
But you were right to verify it and not proceed further if you didn't get a good result.