Tarball signatures

[Jason Englander <jasoneng3@xxxxxxxxx>]

Is it just me?  0.5.2 verifies OK, but 0.5.3 and 0.5.4 do not.


$ gpg --verify libssh-0.5.2.tar.gz.asc
gpg: Signature made Fri 16 Sep 2011 04:00:38 PM EDT using DSA key ID 
F33E3FC6
gpg: Good signature from "Andreas Schneider <asn@xxxxxxxxxxxxxx>"
gpg:                 aka "Andreas Schneider <asn@xxxxxxxxx>"
gpg:                 aka "Andreas Schneider <asn@xxxxxxxxxxxx>"
gpg:                 aka "Andreas 'GlaDiaC' Schneider <mail@xxxxxxxxxxxx>"
gpg:                 aka "Andreas Schneider (Packman) 
<andreas@xxxxxxxxxxxxxx>"
gpg:                 aka "Andreas 'GlaDiaC' Schneider 
<andreas.schneider@xxxxxxxxxxxxxxxx>"
gpg:                 aka "Andreas 'GlaDiaC' Schneider (linux-gamers.net 
key) <andreas.schneider@xxxxxxxxxxxxxxxx>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the 
owner.
Primary key fingerprint: E707 38FE FDB2 95F2 20F3  B73D 7FDE 3E8F F33E 
3FC6


$ gpg --verify libssh-0.5.3.tar.asc libssh-0.5.3.tar.gz
gpg: Signature made Tue 20 Nov 2012 06:43:41 AM EST using DSA key ID 
F33E3FC6
gpg: BAD signature from "Andreas Schneider <asn@xxxxxxxxxxxxxx>"


$ gpg --verify libssh-0.5.4.tar.asc libssh-0.5.4.tar.gz
gpg: Signature made Tue 22 Jan 2013 05:53:07 AM EST using DSA key ID 
F33E3FC6
gpg: BAD signature from "Andreas Schneider <asn@xxxxxxxxxxxxxx>"


TIA,
  Jason