LFS Package GPG Signature

Archaic archaic at indy.rr.com
Mon Jun 7 13:05:22 PDT 2004


On Mon, Jun 07, 2004 at 06:27:06PM +0200, Ronald Hummelink wrote:
> Jeroen Coumans wrote:
> >
> >Agree, especially since it's a relatively new proces. Heck, I don't 
> >even know how to verify a package by its md5sum, let alone how to 
> >verify with a GPG key. Some basic instructions are very welcome.
> >
> This is what falls in the command --help RTFM job, which any lfser ought 
> to be capable of.

That mentality is shaky and ambiguous depending on who the lfs'er is.

Q: Do newbies download kernels and build them?
A: Rarely, if ever.
Q: Then why does kernel.org tell people how to import a key and verify?
A: Because it is a simple thing to do it, and can help many people.

I am not advocating putting instructions in the book. What I am
advocating is a link in the book pointing to a page on LFS.org that
gives a simple example like: http://kernel.org/signature.html. Notice,
that the key is not directly linked to kernel.org, but the fingerpring
and key are displayed in text with a simple command to import from a
keyserver.

-- 
Archaic

Sometimes the law defends plunder and participates in it. Sometimes the
law places the whole apparatus of judges, police, prisons and gendarmes
at the service of the plunderers, and treats the victim - when he
defends himself -- as a criminal.

- Frederic Bastiat, "The Law"




More information about the lfs-dev mailing list