krb5 commit: Better document how to verify PGP signature
Tom Yu
tlyu at mit.edu
Tue Oct 14 17:06:28 EDT 2014
https://github.com/krb5/krb5/commit/fa4138c7853487105ab3c54e6d176c45eaf8b065
commit fa4138c7853487105ab3c54e6d176c45eaf8b065
Author: Tom Yu <tlyu at mit.edu>
Date: Tue Oct 14 14:31:09 2014 -0400
Better document how to verify PGP signature
Add text clarifying our unusual packaging of the PGP signature inside
a tar file.
ticket: 7927
target_version: 1.13
tags: pullup
doc/build/index.rst | 24 ++++++++++++++----------
1 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/doc/build/index.rst b/doc/build/index.rst
index d89bcba..3416817 100644
--- a/doc/build/index.rst
+++ b/doc/build/index.rst
@@ -30,16 +30,20 @@ Obtaining the software
The source code can be obtained from MIT Kerberos Distribution page,
at http://web.mit.edu/kerberos/dist/index.html.
-The MIT Kerberos distribution comes in an archive file, generally named
-krb5-VERSION.tar, where *VERSION* is a placeholder for the major and minor
-versions of MIT Kerberos. (For example, MIT Kerberos 1.9
-has major version "1" and minor version "9".)
-
-The krb5-VERSION.tar contains a compressed tar file consisting of the
-sources for all of Kerberos (generally krb5-VERSION.tar.gz) and
-a PGP signature file for this source tree (generally
-krb5-VERSION.tar.gz.asc). MIT highly recommends that you verify
-the integrity of the source code using this signature.
+The MIT Kerberos distribution comes in an archive file, generally
+named krb5-VERSION-signed.tar, where *VERSION* is a placeholder for
+the major and minor versions of MIT Kerberos. (For example, MIT
+Kerberos 1.9 has major version "1" and minor version "9".)
+
+The krb5-VERSION-signed.tar contains a compressed tar file consisting
+of the sources for all of Kerberos (generally named
+krb5-VERSION.tar.gz) and a PGP signature file for this source tree
+(generally named krb5-VERSION.tar.gz.asc). MIT highly recommends that
+you verify the integrity of the source code using this signature,
+e.g., by running::
+
+ tar xf krb5-VERSION-signed.tar
+ gpg --verify krb5-VERSION.tar.gz.asc
Unpack krb5-VERSION.tar.gz in some directory. In this section we will assume
that you have chosen the top directory of the distribution the directory
More information about the cvs-krb5
mailing list