[krbdev.mit.edu #7927] Documentation__For users
Dan Reagan via RT
rt-comment at krbdev.mit.edu
Fri Jun 13 19:06:44 EDT 2014
Is the core issue that there is no documentation for how to actually verify the PGP signature on the tar file, as "MIT highly recommends that you [do]"?
YES
-----Original Message-----
From: Benjamin Kaduk via RT [mailto:rt-comment at krbdev.mit.edu]
Sent: Friday, June 13, 2014 11:29 AM
To: Reagan, Dan
Subject: [krbdev.mit.edu #7927] Documentation__For users
[dan_reagan at mentor.com - Thu May 29 15:52:56 2014]:
> It would be really nice if you could document how to validate the PGP
> signature associated with a particular release.
>
> After more than an hour of searching, I've found no way to validate
> the release provided.
>
> I also note after searching the 'net that there are many others having
> the same problems.
The page http://web.mit.edu/kerberos/krb5-latest/doc/build/index.html discusses the structure of the distribution tarball, and mentions that a PGP signature file is included.
The subject of this ticket mentions the "For users" document, though -- would you have been helped (even partially) by a link to the "Building Kerberos V5" document from the "For users"
document?
Is the core issue that there is no documentation for how to actually verify the PGP signature on the tar file, as "MIT highly recommends that you [do]"?
More information about the krb5-bugs
mailing list