SF.net SVN: geany-plugins:[1903] www/staging/content/downloads.html
dmaphy at users.sourceforge.net
dmaphy at xxxxx
Sun Feb 6 16:29:31 UTC 2011
Revision: 1903
http://geany-plugins.svn.sourceforge.net/geany-plugins/?rev=1903&view=rev
Author: dmaphy
Date: 2011-02-06 16:29:30 +0000 (Sun, 06 Feb 2011)
Log Message:
-----------
website: add instructions on how to verify the GPG sigs of the tarballs
Modified Paths:
--------------
www/staging/content/downloads.html
Modified: www/staging/content/downloads.html
===================================================================
--- www/staging/content/downloads.html 2011-02-06 15:16:32 UTC (rev 1902)
+++ www/staging/content/downloads.html 2011-02-06 16:29:30 UTC (rev 1903)
@@ -100,3 +100,29 @@
?>
+<h2>verifying signatures</h2>
+<p>The tarballs are signed with a GPG key to make sure the source code
+wasn't compromised somewhere on the net. You can verify you have the correct
+tarballs by checking if the GPG signature is correct. To do this, follow
+these instructions:</p>
+
+<ul>
+ <li>Download the public key from <a href="http://download.geany.org/ntrel-pubkey.txt">
+ http://download.geany.org/ntrel-pubkey.txt</a></li>
+ <li>Import the key via <code>gpg --import < ntrel-pubkey.txt</code></li>
+ <li>Verify the downloaded archive either with
+ <code>gpg --verify geany-0.20.tar.bz2.sig geany-0.20.tar.bz2</code> or
+ <code>gpg --verify geany-0.20.tar.gz.sig geany-0.20.tar.gz</code>
+ </li>
+</ul>
+
+<p>The command's output should state something like "Good Signature" and
+should return exit code 0. If you get another exit code it's likely,
+something went wrong.</p>
+
+<p>Another complete example:</p>
+<code>
+wget http://download.geany.org/ntrel-pubkey.txt<br />
+gpg --import < ntrel-pubkey.txt<br />
+gpg --verify geany-0.20.tar.bz2.sig geany-0.20.tar.bz2
+</code>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
More information about the Plugins-Commits
mailing list