Changes between Version 27 and Version 28 of FAQ


Ignore:
Timestamp:
12/15/2010 08:57:28 PM (9 years ago)
Author:
Christian Franke
Comment:

New signing key

Legend:

Unmodified
Added
Removed
Modified
  • FAQ

    v27 v28  
    461461
    462462----
     463
     464=== How can I check that the package hasn't been tampered with? === #check-signature
     465
     466Since the {{{smartmontools}}} utilities run as root, you might
     467be concerned about something harmful being embedded within
     468them. Starting with release 5.19 of {{{smartmontools}}}, the released
     469files have been GPG signed (except releases 5.37 to 5.39.1).
     470The fingerprint are given in a file on the release page with a name
     471like {{{smartmontools-5.40.tar.gz.asc}}}.
     472
     473Please verify these using the
     474 * [http://smartmontools.svn.sourceforge.net/viewvc/smartmontools/trunk/www/SmartmontoolsSigningKey_2010.txt?revision=HEAD Smartmontools GPG Signing Key (2010-2012)]
     475 * [http://smartmontools.svn.sourceforge.net/viewvc/smartmontools/trunk/www/SmartmontoolsSigningKey_2005.txt?revision=HEAD Smartmontools GPG Signing Key (2005-2006)]
     476 * [http://smartmontools.svn.sourceforge.net/viewvc/smartmontools/trunk/www/SmartmontoolsSigningKey.txt?revision=HEAD Smartmontools GPG Signing Key (2003-2004)]
     477
    463478----
    464479
     
    529544
    530545----
    531 
    532 {{{
    533 #!html
    534 
    535 
    536 
    537 <!-- Check Signature -->
    538 <h3><a name="check-signature"></a>How can I check that the package hasn't been tampered with?</h3>
    539 
    540 <p>Since the <tt>smartmontools</tt> utilities run as root, you might
    541 be concerned about something harmful being embedded within
    542 them. Starting with release 5.19 of <tt>smartmontools</tt>, the .rpm
    543 files and tarball have been GPG signed. The tarball's fingerprint is
    544 given in a file on the release page with a name like
    545 <tt>smartmontools-5.32.tar.gz.asc</tt>. </p>
    546 
    547 Please verify these using the
    548 <ul>
    549 <li><a href="SmartmontoolsSigningKey_2005.txt">Smartmontools GPG Signing Key (current)</a></li>
    550 <li><a href="SmartmontoolsSigningKey.txt">Smartmontools GPG Signing Key (before 2005)</a></li>
    551 </ul>
    552 (Recent releases are no longer signed, but <tt>.md5</tt> and <tt>.sha1</tt> files are provided.)
    553 <hr />
    554 
    555 
    556 }}}