(fwd from firstname.lastname@example.org) Suggestion: describe (or link to) how to verify your distributions
mbp at sourcefrog.net
Fri Nov 22 21:21:59 GMT 2002
On 22 Nov 2002, Martin Pool <mbp at sourcefrog.net> wrote:
> On 22 Nov 2002, Steve Langasek <vorlon at netexpress.net> wrote:
> > On Fri, Nov 22, 2002 at 12:56:39PM -0800, Martin Pool wrote:
> > > I'll write up a short page describing how to use them, unless Jerry
> > > particularly wants to do it.
> > In five words or less, from the gpg manpage:
> > $ gpg --verify samba-2.2.7.tar.gz.asc samba-2.2.7.tar.gz
> Yeah, sure, but:
> What does this all mean? Why should I care?
> Where do I get GPG?
> Where do I get the samba codesigning key? How do I import it? How
> do I know I got the right one?
> What do I do if it doesn't verify?
Before you reply: I know the answers to these, but probably many
people don't. Merely saying how to run the command is not a complete
solution -- using GPG without understanding at least the basics is
worse than not using it at all.
More information about the samba-technical