LFS Package GPG Signature
maillist at hummelink.xs4all.nl
Mon Jun 7 09:27:06 PDT 2004
Jeroen Coumans wrote:
> Archaic said the following on 07-06-2004 13:45:
>> On Mon, Jun 07, 2004 at 09:45:57AM +0200, Ronald Hummelink wrote:
>>> IMHO this is very damn normal way to get the public key from
>>> someone, the LFS book doesn't mention a lot of things with this very
>> It is common practice to mention on a web site how to get a public key.
>> There is nothing wrong with having a page for it and a link in the book.
> Agree, especially since it's a relatively new proces. Heck, I don't
> even know how to verify a package by its md5sum, let alone how to
> verify with a GPG key. Some basic instructions are very welcome.
This is what falls in the command --help RTFM job, which any lfser ought
to be capable of.
Just like the good old:
-c, --check check MD5 sums against given list
$ md5sum -c MD5SUMS
--verify verify a signature
$ gpg --verify lfs-packages-5.1.1.tar.asc
I'd rather worry about the fact that the tarball is signed not being
mentioned in the book, then provide these basic commands which are
easily found by doing your daily RTFM. It is totally against the
not-spoon-feed everything policy of the last years in the lfs book.
More information about the lfs-dev