[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [be] Verification of release tar balls
From: |
Jonathan Marsden |
Subject: |
Re: [be] Verification of release tar balls |
Date: |
Fri, 24 Sep 2010 11:51:47 -0700 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2 |
Teus,
On 9/24/2010 11:03 AM, Teus Benschop wrote:
> The build computer is different from the web server. The scripts
> given by Jonathan were excellent. They made it easy to at once grasp
> the idea for making the sums. If there are similar scripts for doing
> the signing with GnuPG, that would help greatly. Teus.
Assuming you have already set up gpg itself, generated a keypair, and
published the public key to the keyservers, then
gpg -ab bibledit-gtk-4.1.tar.gz
(and providing your gpg passphrase when prompted for it) will create a
detached signature file bibledit-gtk-4.1.tar.gz.asc
Users can later verify this by downloading the pair of .gz and .gz.asc
files, importing the relevant public key from the keyservers, and then
running
gpg --verify bibledit-gtk-4.1.tar.gz.asc bibledit-gtk-4.1.tar.gz
My opinion is that far fewer users understand this approach than
understand the way to check MD5SUMs, and it is less easily automatable
(because you have to import the specific public key involved) so while
the level of verification is definitely higher, the chance that someone
will actually take the time to verify a file this way is lower. It's
good practice to provide both, of course :)
Jonathan
- [be] Verification of release tar balls, John Marshall, 2010/09/23
- Re: [be] Verification of release tar balls, Teus Benschop, 2010/09/23
- Re: [be] Verification of release tar balls, Jonathan Marsden, 2010/09/23
- Re: [be] Verification of release tar balls, Teus Benschop, 2010/09/24
- Re: [be] Verification of release tar balls, David Gardner, 2010/09/24
- Re: [be] Verification of release tar balls, Teus Benschop, 2010/09/24
- Re: [be] Verification of release tar balls,
Jonathan Marsden <=
- Re: [be] Verification of release tar balls, Teus Benschop, 2010/09/25
- Re: [be] Verification of release tar balls, John Marshall, 2010/09/27
- Re: [be] Verification of release tar balls, Teus Benschop, 2010/09/27
- Re: [be] Verification of release tar balls, John Marshall, 2010/09/27