(fwd from jerry@theashergroup.com) Suggestion: describe (or link to) how to verify your distributions
Martin Pool
mbp at sourcefrog.net
Fri Nov 22 21:21:59 GMT 2002
On 22 Nov 2002, Martin Pool <mbp at sourcefrog.net> wrote:
> On 22 Nov 2002, Steve Langasek <vorlon at netexpress.net> wrote:
> > On Fri, Nov 22, 2002 at 12:56:39PM -0800, Martin Pool wrote:
> > > I'll write up a short page describing how to use them, unless Jerry
> > > particularly wants to do it.
> >
> > In five words or less, from the gpg manpage:
> >
> > $ gpg --verify samba-2.2.7.tar.gz.asc samba-2.2.7.tar.gz
>
> Yeah, sure, but:
>
> What does this all mean? Why should I care?
>
> Where do I get GPG?
>
> Where do I get the samba codesigning key? How do I import it? How
> do I know I got the right one?
>
> What do I do if it doesn't verify?
>
> etc...
Before you reply: I know the answers to these, but probably many
people don't. Merely saying how to run the command is not a complete
solution -- using GPG without understanding at least the basics is
worse than not using it at all.
--
Martin
More information about the samba-technical
mailing list