udevil/packages/0.2.6/udevil-0.2.6.SHA256.asc
2012-06-03 09:47:45 -06:00

66 lines
2.6 KiB
Plaintext

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
7e6ec346292b1a5c168e92903a6e80b866924872bf3dc954e90e02dc42a003c6 udevil-0.2.6.tar.xz
2b68fad7535f5d2f33ff2b51fbccdbd724f9caab52d08f6e5abc9d0ba09a00b9 udevil-0.2.6-installer.sh
fcbe504ace63b2d869a9f53edffc10b3d107185a6e5b2bbcfbfba4d831dc5e7a udevil_0.2.6-1_all.deb
#
# This file (udevil-0.2.6.SHA256.asc) is used to authenticate download of
# udevil version 0.2.6
#
# Homepage: http://ignorantguru.github.com/udevil/
#
#
# Why Authenticate?
#
# Verifying the authenticity of downloaded files prior to installation is
# important to ensure that your download is not corrupt and that no one has
# tampered with the server holding the files.
#
#
# 1) If you don't already have IgnorantGuru's CURRENT key on your keyring:
#
# gpg --keyserver keys.gnupg.net --recv-keys 0x7977070A723C6CCB696C0B0227A5AC5A01937621
# (if you receive an error, try again)
#
# Also visually verify that the given fingerprint matches the one shown here:
# http://igurublog.wordpress.com/contact-ignorantguru/
#
#
# 2) Download one or more files (the first is required):
#
# wget https://raw.github.com/IgnorantGuru/udevil/master/packages/0.2.6/udevil-0.2.6.SHA256.asc
# wget https://raw.github.com/IgnorantGuru/udevil/master/packages/0.2.6/udevil-0.2.6.tar.xz
# wget https://raw.github.com/IgnorantGuru/udevil/master/packages/0.2.6/udevil-0.2.6-installer.sh
# wget https://raw.github.com/IgnorantGuru/udevil/master/packages/0.2.6/udevil_0.2.6-1_all.deb
#
#
# 3) Check signature and files:
#
# gpg -d udevil-0.2.6.SHA256.asc | sha256sum --check
#
# This should report a good signature and an OK for each file present:
#
# gpg: Signature made <SIGNATURE DATE> using DSA key ID 01937621 <--
# --> udevil-0.2.6.tar.xz: OK
# --> udevil-0.2.6-installer.sh: OK
# --> udevil_0.2.6-1_all.deb: OK
# --> gpg: Good signature from IgnorantGuru <EMAIL>
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# sha256sum: WARNING: x lines are improperly formatted
#
# If "BAD signature" or the wrong key ID is reported, or if FAILED appears
# next to any file you plan to use, DO NOT USE the file. A "key is not
# certified" warning (shown above) is normal and can be safely ignored if
# you visually verified the key fingerprint in step 1.
#
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iF4EAREIAAYFAk/Lhw0ACgkQJ6WsWgGTdiHj6wEAj++Mp/9EA2PHtcnhLZPQlpsl
uQF3fqNASUYHvyt3XngBAKQZyQ3TQGubQyBP7GhkUVH6wQPP5WXgzY6EIwv7mIc1
=jQY5
-----END PGP SIGNATURE-----