I had the exact same message with my Download on friday. I'm already a Transmission user, so I usually do the update within Transmission. Friday, though, my update in Transmission failed due to a wrong signature. I then proceeded to a download through the web page. That download produced the same message the OP had.
I checked the signature against the one posted on the web-page, and of course it was wrong:
Code: Select all
$ openssl sha1 Transmission-2.90.dmg
SHA1(Transmission-2.90.dmg)= 5f8ae46ae82e346000f366c3eabdafbec76e99e9
I'm not sure, if I downloaded the file through the https site or with an http url at the time. Safari does think it was https, though, and I can't remember any warnings. As a source for the offending file Safari stored
Code: Select all
https://download.transmissionbt.com/files/Transmission-2.90.dmg, https://www.transmissionbt.com/download/
in the file metadata. Not sure how accurate that is, though.
I re-downloaded again this morning, this time the file was ok and the sha1 was correct. Although, Safari lists cachefly as the source of the correct file, not transmissionbt.com:
Code: Select all
https://transmission.cachefly.net/Transmission-2.90.dmg, https://www.transmissionbt.com/download/
For reference: my computer is not on a public network, it was hooked up with a lan cable to my router.