Hello,

the file itself verifies OK. What confused me is that I somehow thought
that the line
"Hash: SHA256" were to indicate that the following line contains the
SHA256SUM of grml96-full_2014.11.iso, while it actually contains the
SHA1SUM. But after reading it a second time, I guess this is actually a
hint from gpg which hash sum was used for the signature.

Sorry about that.

Andreas

Am 18.11.2014 um 11:02 schrieb Michael Prokop:
> Michael Prokop <mika@grml.org> added the comment:
>
> * Andreas Heinlein wrote in grml's BTS on 20141118 / 10:05:
>
>> The file containing the checksum and signature for
>> grml96-full_2014.11.iso reads:
>> ea7204ed77fa3df3a4ed68e3b8e2ad6f95d5242d  grml96-full_2014.11.iso
> I'm not sure what you mean,
> http://ftp-master.grml.org/grml96-full_2014.11.iso.sha1.asc
> looks just fine to me.
>
> | % gpg --verify grml96-full_2014.11.iso.sha1.asc
> | gpg: Signature made Sat Nov 15 11:28:24 2014 CET using RSA key ID B7EA3737
> | gpg: Good signature from [...]
>
> Notice that it is signed by my new key B7EA3737 (and no longer with 37E272E8).
>
> regards,
> -mika-
>
> ----------
> status: unread -> chatting
>
> _____________________________________
> GRML issue tracker <bts@bts.grml.org>
> <http://bts.grml.org/grml/issue1327>
> _____________________________________