Question in regards to software verification...
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Fri Feb 6 08:52:04 PST 2004
Jason Williams <jwilliams at courtesymortgage.com> writes:
> This is going to sound incredibly new, but i've never understood how
> to completely verify software that you download.
>
> For instance, a new Security Advisory was released today regarding the
> shmat reference counting bug
>
>
> One thing that I thought of when I was looking at this is the option
> to d/l the patch, then patch your system. I also noticed that there
> was, not only the patch you can download, but the .asc file which is
> supposed to verify the software you download.
>
> So I wanted to know the methods available that you can use to verify
> software that you d/l?
> How about .asc? I have seen that one before, but not really familiar with it.
>
> I know you can also use md5 as well as gnupg.
>
> Anyone care to take a moment and enlighten me with the steps to verify
> software?
The .asc is a PGP signature of the patch file.
It can be verified using GnuPG.
The FreeBSD security officer's key was used to generate it.
More information about the freebsd-questions
mailing list