Hi
I might be paranoid AND stupid, but to me, it appears that the files on download.wikimedia.org are wrong. What I did:
- downloaded http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.tar.gz - checked md5sum and compared it to http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.... - result: e10f791ba9ecd02dd751a5676cc84405 mediawiki-1.13.2.tar.gz - downloaded the .sig file from http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.tar.gz.sig - downloaded the keys (https://secure.wikimedia.org/keys.txt) and imported them - ran gpg --verify on the sig file - result:
[ apache@zrhsrv06.ch.eu.colt ] [ bash ]: gpg --verify mediawiki-1.13.2.tar.gz.sig gpg: Signature made Thu 02 Oct 2008 05:48:30 PM METDST using DSA key ID E8A3FEC4 gpg: BAD signature from "Tim Starling tstarling@wikimedia.org"
What's wrong here?
Cheers
André