Question in regards to software verification...

Lowell Gilbert freebsd-questions-local at
Fri Feb 6 08:52:04 PST 2004

Jason Williams <jwilliams at> writes:

> This is going to sound incredibly new, but i've never understood how
> to completely verify software that you download.
> For instance, a new Security Advisory was released today regarding the
> shmat reference counting bug
> One thing that I thought of when I was looking at this is the option
> to d/l the patch, then patch your system. I also noticed that there
> was, not only the patch you can download, but the .asc file which is
> supposed to verify the software you download.
> So I wanted to know the methods available that you can use to verify
> software that you d/l?
> How about .asc? I have seen that one before, but not really familiar with it.
> I know you can also use md5 as well as gnupg.
> Anyone care to take a moment and enlighten me with the steps to verify
> software?

The .asc is a PGP signature of the patch file.
It can be verified using GnuPG.
The FreeBSD security officer's key was used to generate it.

More information about the freebsd-questions mailing list