On Fri, Nov 29, 2002 at 05:16:37PM +0300, Anatoly Pugachev wrote: > On Thu, Nov 28, 2002 at 10:43:59PM +0300, Solar Designer wrote: > > -rw-r--r-- 1 ftp ftp 35776 Nov 28 22:25 tcb-0.9.8.3.tar.gz > > -rw-r--r-- 1 ftp ftp 331 Nov 28 22:25 tcb-0.9.8.3.tar.gz.sign > > -rw-r--r-- 1 ftp ftp 494 Nov 28 22:33 README > > just a notice... > downloaded this files and tried to verify tcb-0.9.8.3.tar.gz with it's > signature: > > $ gpg --verify tcb-0.9.8.3.tar.gz.sign tcb-0.9.8.3.tar.gz > gpg: Signature made Thu Nov 28 22:24:47 2002 MSK using RSA key ID 295029F1 > gpg: Can't check signature: public key not found > > ofcourse signature can't be checked since i don't have your public key and So get it. :-) > nothing about it in the README. There shouldn't be anything about it in the README or I'd have to place that information into documentation of everything I place anywhere. Each signature file (*.sign) contains the URL: Comment: http://www.openwall.com/signatures/ (It's added there automagically, by a script.) It's also linked from the navigation bar on www.openwall.com (the "signatures" link). Additionally, besides the above URL, the PGP key is available on key servers. You simply notice the key ID and type: gpg --keyserver wwwkeys.pgp.net --recv-key 295029F1 I think this is enough ways to find the key. > suggest to write some instructions to README I disagree. > as like on http://www.kernel.org/signature.html Isn't ours pretty much the same? -- /sd
This archive was generated by hypermail 2.1.3 : Sun Jan 15 2006 - 13:43:17 PST