Revision: 1903 http://geany-plugins.svn.sourceforge.net/geany-plugins/?rev=1903&view=re... Author: dmaphy Date: 2011-02-06 16:29:30 +0000 (Sun, 06 Feb 2011)
Log Message: ----------- website: add instructions on how to verify the GPG sigs of the tarballs
Modified Paths: -------------- www/staging/content/downloads.html
Modified: www/staging/content/downloads.html =================================================================== --- www/staging/content/downloads.html 2011-02-06 15:16:32 UTC (rev 1902) +++ www/staging/content/downloads.html 2011-02-06 16:29:30 UTC (rev 1903) @@ -100,3 +100,29 @@
?>
+<h2>verifying signatures</h2> +<p>The tarballs are signed with a GPG key to make sure the source code +wasn't compromised somewhere on the net. You can verify you have the correct +tarballs by checking if the GPG signature is correct. To do this, follow +these instructions:</p> + +<ul> + <li>Download the public key from <a href="http://download.geany.org/ntrel-pubkey.txt"> + http://download.geany.org/ntrel-pubkey.txt</a></li> + <li>Import the key via <code>gpg --import < ntrel-pubkey.txt</code></li> + <li>Verify the downloaded archive either with + <code>gpg --verify geany-0.20.tar.bz2.sig geany-0.20.tar.bz2</code> or + <code>gpg --verify geany-0.20.tar.gz.sig geany-0.20.tar.gz</code> + </li> +</ul> + +<p>The command's output should state something like "Good Signature" and +should return exit code 0. If you get another exit code it's likely, +something went wrong.</p> + +<p>Another complete example:</p> +<code> +wget http://download.geany.org/ntrel-pubkey.txt<br /> +gpg --import < ntrel-pubkey.txt<br /> +gpg --verify geany-0.20.tar.bz2.sig geany-0.20.tar.bz2 +</code>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.