URL: <http://gna.org/cookbook/?func=detailitem&item_id=117>
Summary/Question: Signing a file using GnuPG
Project: Gna! Administration
Submitted by: yeupou
Submitted on: Thursday 24.11.2005 at 17:30
Category: Source Code Managers
Importance: 3 - Normal
Status: Approved
Privacy: Public
Assigned to: None
Open/Closed: Open
_______________________________________________________
Details:
Users can only check the authenticity of files if these files are
signed by their author(s). So it is important that developers sign
their packages, especially software release tarballs.
Obviously, you need your own GPG key to sign files. We will not
describe here how to create such a key: please read the GnuPG
documentation.
The best approach is to create a "detached" signature (a signature stored
as a separate file, not appended to the original file). You can do that by
typing:
<i>gpg --detach-sign myfile</i>
When it is done, you can upload both the file and the
signature (ending with .sig).
You should make sure that your public key is available through Savane, by
registering it at
https://gna.org/account/change.php?item=gpgkey
You could also propagate it to key servers with the following command:
<i>gpg --send-key</i>
If automated verification fails, you will receive a mail and suspicious files
will be moved into subdirectories called <i>/maybe-corrupted</i>. So you'll
be aware if someone who is not a member of your project alters your files.
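The verification step described above, sketched as an added example (it is not Savane's or Gna!'s own code): each uploaded file is checked against its detached .sig with gpgv, and anything that fails is moved to a maybe-corrupted subdirectory. The MEMBERS_KEYRING path, the function names, and treating a missing signature as a failure are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the site's real implementation.
# MEMBERS_KEYRING (hypothetical path): a keyring holding ONLY the public keys
# registered by project members. gpgv trusts every key in that file and
# nothing else, so a valid signature from an outsider's key still fails.
MEMBERS_KEYRING=${MEMBERS_KEYRING:-./members.gpg}

# verify_sig FILE SIG: succeed only if SIG is a good detached signature
# over FILE made by a key in MEMBERS_KEYRING.
verify_sig() {
    gpgv --quiet --keyring "$MEMBERS_KEYRING" "$2" "$1" 2>/dev/null
}

# quarantine_unverified DIR: check every regular file in DIR against FILE.sig.
# A file whose signature is missing (assumption) or does not verify is moved,
# together with its .sig, to DIR/maybe-corrupted and its name is printed.
# Returns 1 if anything was moved, 0 if every file verified.
quarantine_unverified() {
    dir=$1
    status=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue           # skip subdirectories, moved files
        case $f in *.sig) continue ;; esac
        if [ -f "$f.sig" ] && verify_sig "$f" "$f.sig"; then
            continue                      # good signature: leave in place
        fi
        mkdir -p "$dir/maybe-corrupted"
        mv -- "$f" "$dir/maybe-corrupted/"
        if [ -f "$f.sig" ]; then
            mv -- "$f.sig" "$dir/maybe-corrupted/"
        fi
        printf '%s\n' "${f##*/}"          # report what was quarantined
        status=1
    done
    return "$status"
}

# Usage: quarantine_unverified /path/to/upload-area
```

Verifying against a dedicated keyring rather than the default one is what ties a "good signature" to project membership; a plain <i>gpg --verify</i> would accept any key the verifying account happens to hold.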
_______________________________________________________
Reply to this item at:
<http://gna.org/cookbook/?func=detailitem&item_id=117>
_______________________________________________
Message sent via/by Gna!
http://gna.org/
_______________________________________________
Help mailing list
Help@gna....
http://mail.gna.org:8080/listinfo/help