OK, first, the disclaimer: I am sorry if that is not a securuty-related bug, i.e. everything is normal, but it might be. At present emerge-ing bash-3.1_p11 fails: ... >>> md5 src_uri ;-) bash31-007 >>> md5 src_uri ;-) bash31-008 >>> md5 src_uri ;-) bash31-009 !!! Digest verification Failed: !!! /usr/portage-distfiles/bash31-010 !!! Reason: Failed on MD5 verification Looking at the URL, there a two files bash31-010 and bash31-010.orig They seem binary equivalent, but their respected .sig files are different (that is normal, AFAIK). I checked the siganures from that URL and they seem valid: gpg --verify bash31-010.sig gpg: Signature made Mon Feb 20 22:23:05 2006 JST using DSA key ID 64EA74AB gpg: Good signature from "Chet Ramey <chet@cwru.edu>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7C01 35FB 088A AF6C 66C6 50B9 BB58 69F0 64EA 74AB So is it just a glitch in out mirrors? (no idea when is MD5 generated)
OPening so that bug wranglers can have a look
Mis-assigned duplicate... *** This bug has been marked as a duplicate of 124930 ***
*** Bug 125817 has been marked as a duplicate of this bug. ***