pbiering/ipv6calc

Tarball signature issues

Closed this issue · 2 comments

  1. The signature seems to be using the obsolete SHA1 digest algorithm:
```
gpgv: Signature made Tue Jun 13 03:23:32 2023 UTC
gpgv:                using RSA key AAB38CB797C750C778C608C6DDEB141DF7380F61
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: Can't check signature: Bad public key
```

This is likely due to an older version of GnuPG as I think newer versions have improved defaults.

But you can override the defaults using --personal-cipher-preferences, I believe.

  2. It looks like your key has expired:
```
$ gpg --list-keys AAB38CB797C750C778C608C6DDEB141DF7380F61
pub   rsa4096/0xDDEB141DF7380F61 2013-11-04 [SC] [expired: 2022-02-04]
      Key fingerprint = AAB3 8CB7 97C7 50C7 78C6  08C6 DDEB 141D F738 0F61
uid                   [ expired] Peter Bieringer (Code Signing Key 2013) <code@bieringer.de>
uid                   [ expired] [jpeg image of size 2653]
```

So both of these seem to be due to me using an older key. I think http://www.bieringer.de/ftp/pub/linux/IPv6/ipv6calc/ has your older key, but I see now that https://www.deepspace6.net/ftp/pub/ds6/sources/ipv6calc/CODE-GPG-KEY-bieringer.de-2013 has a newer version that expires in 2027.

@paravoid: thank you for reporting the outdated key; I have updated it now here: http://www.bieringer.de/ftp/pub/linux/IPv6/ipv6calc/

And the signature algorithm used is SHA256 for the latest version.

```
gpg --verbose --verify ipv6calc-4.1.0.tar.gz.sig
gpg: assuming signed data in 'ipv6calc-4.1.0.tar.gz'
gpg: Signature made Tue 13 Jun 2023 05:23:35 AM CEST
gpg:                using RSA key AAB38CB797C750C778C608C6DDEB141DF7380F61
gpg: using pgp trust model
gpg: Good signature from "Peter Bieringer (Code Signing Key 2013) <code@bieringer.de>" [ultimate]
gpg:                 aka "[jpeg image of size 2653]" [ultimate]
gpg: binary signature, digest algorithm SHA256, key algorithm rsa4096
```
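
Added example, not part of the original thread or the ipv6calc project: a packaging script can check the two conditions discussed above (digest algorithm and key expiry) from GnuPG's machine-readable `--status-fd` output instead of reading the human-oriented messages. The function names, verdict strings and the sample status lines are constructed for illustration; only the fingerprint and user ID come from the thread.

```shell
#!/bin/sh
# Map an OpenPGP hash algorithm id (RFC 4880, section 9.4) to its name.
digest_name() {
    case "$1" in
        1) echo MD5 ;;     2) echo SHA1 ;;    3) echo RIPEMD160 ;;
        8) echo SHA256 ;;  9) echo SHA384 ;;  10) echo SHA512 ;;
        11) echo SHA224 ;; *) echo "unknown" ;;
    esac
}

# Read `gpg --status-fd 1 --verify ...` output on stdin and print a verdict.
# Returns 0 only for a good signature, from an unexpired key, whose digest
# is not MD5, SHA1 or RIPEMD160.
check_sig_status() {
    good=0; problems=""; hash=""
    while read -r tag kw a1 a2 a3 a4 a5 a6 a7 a8 rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            GOODSIG)   good=1 ;;
            EXPKEYSIG) problems="$problems key-expired" ;;
            EXPSIG)    problems="$problems signature-expired" ;;
            REVKEYSIG) problems="$problems key-revoked" ;;
            BADSIG)    problems="$problems bad-signature" ;;
            ERRSIG)    problems="$problems not-checked"; hash=$a3 ;;
            VALIDSIG)  hash=$a8 ;;   # 8th argument: hash algorithm id
        esac
    done
    case "$hash" in
        1|2|3) problems="$problems weak-digest-$(digest_name "$hash")" ;;
    esac
    if [ -n "$problems" ]; then
        echo "FAIL:$problems"; return 1
    elif [ "$good" = 1 ] && [ -n "$hash" ]; then
        echo "OK: digest $(digest_name "$hash")"; return 0
    fi
    echo "FAIL: no-signature-status"; return 1
}

# Constructed status lines (fingerprint from the thread, other fields made up).
FPR=AAB38CB797C750C778C608C6DDEB141DF7380F61
SAMPLE_NEW="[GNUPG:] GOODSIG DDEB141DF7380F61 Peter Bieringer (Code Signing Key 2013) <code@bieringer.de>
[GNUPG:] VALIDSIG $FPR 2023-06-13 1686626612 0 4 0 1 8 00 $FPR"
SAMPLE_OLD="[GNUPG:] EXPKEYSIG DDEB141DF7380F61 Peter Bieringer (Code Signing Key 2013) <code@bieringer.de>
[GNUPG:] VALIDSIG $FPR 2023-06-13 1686626612 0 4 0 1 2 00 $FPR"

printf '%s\n' "$SAMPLE_NEW" | check_sig_status || true
printf '%s\n' "$SAMPLE_OLD" | check_sig_status || true
```

Against a real download, pipe the verifier into the function, for example `gpg --status-fd 1 --verify ipv6calc-4.1.0.tar.gz.sig ipv6calc-4.1.0.tar.gz 2>/dev/null | check_sig_status`.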