How do you GPG verify all of your rsync slackware directory

Old_Fogie · 10-24-2006, 03:28 AM

Hi Eric,

here's the copy/paste:

Quote:

The current signature for the release is actually the signed release (Not a detached signature). To extract the release from the signature, you can use "gpg snort-2.6.0.2.tar.gz.sig", and this will verify and extract the .tar.gz file.

I've made a note to our release team to generate detached signatures for future releases.

Hope this helps!

unSpawn · 10-24-2006, 06:27 AM

//Since you didn't enable email:
I'm gonna notify admin's here at LQ maybe they want to make a sticky in 'security'.

First of all GPG/PGP usage should be considered general knowledge and distributions that use GPG for security bulletin and package authenticity and integrity verification mention it in their docs and HOWTO's as well. Next to that most sites that provide packages that are signed (detached or not) provide details on how to verify those using the .sig file. Based on that I find stickying this information in the Linux Security forum not necessary. You are welcome to make it a Wiki entry or LQ HOWTO or article.