Hey thanks!
No, it wasn't whitespace but it was email obfuscation formatting that was done on that first page!
<
laanwj@gmail.com> BECAME
Well, it seems like a bad link for the security notice to be asking people to verify, because it's NOT going to verify!
Hope someone can share this with the devs still. They should provide better, working instructions for verification if people are going to be able to fend off potential attacks.
With the "raw" URL you sent, the verification is now working:
*** PGP SIGNATURE VERIFICATION ***
*** Status: Good Signature
*** Signer: Wladimir J. van der Laan (0x2346C9A6)
*** Signed: 6/24/2015 1:45:06 PM
*** Verified: 8/25/2016 4:56:28 AM
*** BEGIN PGP VERIFIED MESSAGE ***
Hello,
Starting with 0.11.0rc3, SHA256SUMS.asc will be signed with the following key:
pub 4096R/36C2E964 2015-06-24 Wladimir J. van der Laan (Bitcoin Core binary release signing key)
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964
For gitian and commit signing I will keep using this key.
Wladimir
*** END PGP VERIFIED MESSAGE ***