Jason Williams <[EMAIL PROTECTED]> writes:

> This is going to sound incredibly new, but i've never understood how
> to completely verify software that you download.
> 
> For instance, a new Security Advisory was released today regarding the
> shmat reference counting bug
> 
> 
> One thing that I thought of when I was looking at this is the option
> to d/l the patch, then patch your system. I also noticed that there
> was, not only the patch you can download, but the .asc file which is
> supposed to verify the software you download.
> 
> So I wanted to know the methods available that you can use to verify
> software that you d/l?
> How about .asc? I have seen that one before, but not really familiar with it.
> 
> I know you can also use md5 as well as gnupg.
> 
> Anyone care to take a moment and enlighten me with the steps to verify
> software?

The .asc is a PGP signature of the patch file.
It can be verified using GnuPG.
The FreeBSD security officer's key was used to generate it.
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to