incubator-ooo-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ariel Constenla-Haile <arie...@apache.org>
Subject Re: downloading Open Office Incubator version 3.4
Date Fri, 15 Jun 2012 06:19:12 GMT
Hi Shawn,

On Thu, Jun 14, 2012 at 06:28:54PM -0300, Shawn Pringle wrote:
> I attempted to download the Open Office binary but all I get is 20 MB
> of it.  Yet, my browser indicates the file should be 144 MB.
> 
> What size should the thing be.

Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe size is 145
MB

Use the checksums to verify the download, they are located in
http://www.apache.org/dist/incubator/ooo/files/stable/3.4.0/

> 
> I was able to import the keys into a keyring.  Using the instructions
> I run the verification procedure and I get:
> gpg: Signature made 04/19/12 07:16:15 using RSA key ID 51B5FDE8
> gpg: BAD signature from "Juergen Schnmidt <jsc@apache.org>"

Did you follow these instructions?
http://www.openoffice.org/download/checksums/3.4.0_checksums.html#howto

They are missing for Windows. As you have Enigmail+Thunderbird, I guess
you already downloaded GnuPG.

Download the AOO keys: https://people.apache.org/keys/group/ooo.asc

Import them:

"C:\Program Files\GNU\GnuPG\gpg.exe" --import ooo.asc

Download the executable and its key, then verify:

"C:\Program Files\GNU\GnuPG\gpg.exe" --verify Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe.asc
Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe

gpg: Firmado el 04/19/12 07:20:29 usando clave RSA ID 51B5FDE8
gpg: Firma correcta de "Juergen Schmidt <jogischmidt@googlemail.com>"
gpg:                 alias "Juergen Schmidt <jsc@apache.org>"
gpg:                 alias "Juergen Schmidt <jogischmidt@gmail.com>"
gpg: ATENCIÓN: ¡Esta clave no está certificada por una firma de confianza!
gpg:           No hay indicios de que la firma pertenezca al propietario.
Huellas dactilares de la clave primaria: D09F B15F 1A24 768D DF1F  A29C CFEE F316 51B5 FDE8


This output message is in Spanish, yours will be in English. You don't get
a "BAD signature" message, but a warning, if you didn't trust this key
before, or any of the other keys that have certified this key
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xCFEEF31651B5FDE8

> A point of order: should I or shouldn't I sign my messages with GPG?

IMHO you should always sign your mails. Notice the following in your
mail:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
[...]
> -----BEGIN PGP SIGNATURE-----
[...]
> -----END PGP SIGNATURE-----

I suggest you configure Enigmail to sign using PGP/MIME instead of the
old-fashioned inline-PGP, in Thunderbird's Account Settings go to
OpenPGP Security and enable "Use PGP/MIME by default".

See the Handbook/Help: http://www.rainydayz.org/node/68


Regards
-- 
Ariel Constenla-Haile
La Plata, Argentina

Mime
View raw message