[Libreoffice-qa] [ANN] LibreOffice 4.1.2 RC2 test builds available

[Christian Lohmaier]

HI Pedro, *,

On Thu, Sep 19, 2013 at 3:20 PM, Pedro <pedlino at gmail.com> wrote:
>
> The first time I downloaded the installer file for Windows, the download was
> somehow corrupted.
>
> Although the file size was correct (215334912 bytes) and GPG verification
> reported no errors

Then you're mixing up different things I guess.

When the gpg verification passes, then it means that the file *is*
intact, and that you didn't download another file the next time. The
problem during installation is not related to a broken download, but
is a different problem.

The bug doesn't give much hint as what is wrong, since especially:

> However when I created a SHA1 (using GPG4Win) of a newly downloaded
> installer (which works correctly) it doesn't match the corrupted file (as
> expected, obviously)

Is strange. Maybe you downloaded one file, and verified the other? Or
the file was truncated/damaged after you did verify it.

> My point here is: if GPG verification does not guarantee file integrity can
> TDF provide a Checksum (SHA1 or MD5) with the Pre-release files?

The gpg signature does both verify the integrity as well as the origin
of the file.

My guess is that you misinterpreted whatever message gpg did print
when verifying. (Like reporting the meaning - "Sorry, the file is a
signature with the key AFEEAEA3, but I don't know the public key, so I
cannot check whether the signature is correct")

Verifying a signature also includes verifying the file's
contents/checksum. No different thatn SHA1.

So I hope you still have both copies of the file and can carefully
compare the gpg outputs of both.

ciao
Christian