On Mon, Mar 13, 2006 at 03:58:21PM -0500, Fred Tarasevicius wrote: > Hello dev list, > I'm trying to test out the sa-udpate tool on WinXP and it's failing > with fatal: couldn't find GPG in $PATH
Hey Fred.
> After reading through the doc's it seems like GPG is optional but it
> doesn't appear to be acting this way.
According to the docs:
--gpg, --nogpg
sa-update by default will verify update archives by use of a SHA1
checksum and GPG signature. SHA1 hashes can verify whether or not
the downloaded archive has been corrupted, but it does not offer
any form of security regarding whether or not the downloaded ar-
chive is legitimate (aka: non-modifed by evildoers). GPG verifica-
tion of the archive is used to solve that problem.
If you wish to skip GPG verification, you can use the --nogpg
option to disable its use. Use of the following gpgkey-related
options will override --nogpg and keep GPG verification enabled.
--
Randomly Generated Tagline:
Come here, you little raven!
-- Homer Simpson
Treehouse of Horror
pgpV8kVmlV1AF.pgp
Description: PGP signature
