On 06/09/2009 05:30 PM, Todd Zullinger wrote: > alan wrote: >> The checksum file is also signed with gpg. (Finally!) > > They've been gpg signed for as long as I can recall. Or do you mean > that earlier snapshots had unsigned checksum files? RCs earlier than RC4 had unsigned checksum files, and RC4's checksum file was also originally unsigned, before it was decided to push it. A few mirrors have these unsigned files instead of the correct signed ones.
Description: S/MIME Cryptographic Signature