jasons      01/07/08 16:29:15

  Modified:    sources/xerces-p ChangeLog
  Added:       sources/xerces-p download.xml
  Log:
        * download.xml (Repository):
        new info on digital signatures
  
  Revision  Changes    Path
  1.2       +5 -0      xml-site/sources/xerces-p/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/xml-site/sources/xerces-p/ChangeLog,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- ChangeLog 2001/03/27 05:49:35     1.1
  +++ ChangeLog 2001/07/08 23:29:14     1.2
  @@ -1,3 +1,8 @@
  +2001-07-08  Jason E. Stewart  <[EMAIL PROTECTED]>
  +
  +     * download.xml (Repository): 
  +     new info on digital signatures
  +
   2001-03-26  Jason E. Stewart  <[EMAIL PROTECTED]>
   
        * releases.xml (Repository): 
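Review bot: The new entry at the top of this hunk says "new info on digital signatures", but the commit header lists download.xml as Added at revision 1.1, so the entry should record that the file is new. Something like "* download.xml: New file. Download location and release signature verification steps." would let a reader of the ChangeLog find where the verification instructions first appeared.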
  
  
  
  1.1                  xml-site/sources/xerces-p/download.xml
  
  Index: download.xml
  ===================================================================
  <?xml version="1.0" standalone="no"?>
  <!DOCTYPE s1 SYSTEM "sbk:/style/dtd/document.dtd">
  
  <s1 title="Downloading Xerces.pm">
    <s2 title="Getting the source code">
      <p> The most current stable source code for Xerces.pm can be
      downloaded from <jump
      href="http://xml.apache.org/dist/xerces-p/stable/";> here </jump>
      </p>
    </s2>
  
    <s2 title="Verifying the release">
      <p> The current Xerces.pm maintainer, Jason E. Stewart
        (<jump
        href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</jump>), signs
        every release with his <jump
        href="http://www.gnupg.org/";>GnuPG</jump> public key. This is to
        help you ensure that you are installing only officially
        sanctioned code, from the official maintainer. By downloading
        the source code and signature from one location (<jump
        href="http://www.apache.org/info/20010519-hack.html";>possibly
        open to attack</jump>) and the public key from an official key
        server, you greatly reduce the chance of installing software
        that is dangerous to you.
      </p>
  
      <s3 title="Getting the Public key">
        <p> You can use any keyserver you wish, such as <jump
        href="http://www.keyserver.net/";>www.keyserver.net</jump>, and
        search for <em>[EMAIL PROTECTED]</em> or you can get the
        key<jump
        
href="http://dtype.org:11371/pks/lookup?search=jasons%40apache.org&amp;op=index";>
        here </jump>.
        </p>
      </s3>
      <s3 title="Using PGP to verify the code">
        <ol>
        <li>Add the key to your keyring: <code>
  pgpk -a key_file
  </code></li>
        <li>Verify the source code file <code>
  pgpv XML-Xerces-X.Y.Z XML-Xerces-X.Y.Z.asc
  </code></li>
        <li>If you receive any other response than: <em>Good
            signature</em>, something went wrong, so don't trust the
            file.
        </li>
        </ol>
      </s3>
      <s3 title="Using GnuPG to verify the code">
        <ol>
        <li>Import the key to your keyring: <code>
  gpg --import key_file
  </code></li>
        <li>Verify the source code file <code>
  gpg&nbsp;--verify&nbsp;XML-Xerces-X.Y.Z&nbsp;XML-Xerces-X.Y.Z.asc
  </code></li>
        <li>If you receive any other response than: <em>gpg: Good
        signature</em>, something went wrong, so don't trust the
        file. 
        </li>
        </ol>
      </s3>
    </s2>
  </s1>
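Review bot: In the "Using GnuPG to verify the code" list, the second step passes the files in the wrong order. gpg --verify takes the detached signature first and the signed file second, so the command should read gpg --verify XML-Xerces-X.Y.Z.asc XML-Xerces-X.Y.Z. Separately, "Getting the Public key" has readers find the key by searching a keyserver for an e-mail address, and both lists treat any "Good signature" as success. Keyservers do not check who uploads a key under a given address, so a good signature from a look-alike key would pass these steps. The page should state the maintainer's key ID and full fingerprint, and each list should gain a step that compares the fingerprint of the imported key (gpg --fingerprint) and the key named in the verify output against that published value.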
  
  
  
