Hello, Today I downloaded the latest Wireshark dmg file, when I use gpg --verify to check the signature, the result is:
$gpg --verify SIGNATURES-3.0.3.txt Wireshark\ 3.0.3\ Intel\ 64.dmg
gpg --verify SIGNATURES-3.0.3.txt Wireshark\ 3.0.3\ Intel\ 64.dmg
gpg: Signature made Thu Jul 18 02:30:44 2019 CST
gpg: using RSA key 5A5ADBA7DBEA6C3F87224F1982244A78E6FEAEEA
gpg: BAD signature from "Gerald Combs <[email protected]>" [unknown]
The sha256sum result is correct.
Download URL is: https://www.wireshark.org/download/osx/Wireshark%203.0.3%20Intel%2064.dmg
Can anyone tell me why the result shows BAD signature? Should I use the file anyway? Normally, it will show "Good Signature from...WARNING: This key is not certified with a trusted signature!"