(fwd from jerry@theashergroup.com) Suggestion: describe (or link to) how to verify your distributions

Martin Pool mbp at sourcefrog.net
Fri Nov 22 21:21:59 GMT 2002

On 22 Nov 2002, Martin Pool <mbp at sourcefrog.net> wrote:
> On 22 Nov 2002, Steve Langasek <vorlon at netexpress.net> wrote:
> > On Fri, Nov 22, 2002 at 12:56:39PM -0800, Martin Pool wrote:
> > > I'll write up a short page describing how to use them, unless Jerry
> > > particularly wants to do it.
> > 
> > In five words or less, from the gpg manpage:
> > 
> > $ gpg --verify samba-2.2.7.tar.gz.asc samba-2.2.7.tar.gz
> Yeah, sure, but:
>  What does this all mean?  Why should I care?
>  Where do I get GPG?
>  Where do I get the samba codesigning key?  How do I import it?   How
>  do I know I got the right one?
>  What do I do if it doesn't verify?
>  etc...

Before you reply: I know the answers to these, but probably many
people don't.  Merely saying how to run the command is not a complete
solution -- using GPG without understanding at least the basics is
worse than not using it at all.


More information about the samba-technical mailing list