Jason Williams <[EMAIL PROTECTED]> writes: > This is going to sound incredibly new, but i've never understood how > to completely verify software that you download. > > For instance, a new Security Advisory was released today regarding the > shmat reference counting bug > > > One thing that I thought of when I was looking at this is the option > to d/l the patch, then patch your system. I also noticed that there > was, not only the patch you can download, but the .asc file which is > supposed to verify the software you download. > > So I wanted to know the methods available that you can use to verify > software that you d/l? > How about .asc? I have seen that one before, but not really familiar with it. > > I know you can also use md5 as well as gnupg. > > Anyone care to take a moment and enlighten me with the steps to verify > software?
The .asc is a PGP signature of the patch file. It can be verified using GnuPG. The FreeBSD security officer's key was used to generate it. _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"