Date: 06 Feb 2004 11:52:00 -0500 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: Jason Williams <jwilliams@courtesymortgage.com> Cc: freebsd-questions@freebsd.org Subject: Re: Question in regards to software verification... Message-ID: <44d68s8827.fsf@be-well.ilk.org> In-Reply-To: <5.2.1.1.0.20040205110410.00ac7a90@pop.courtesymortgage.com> References: <5.2.1.1.0.20040205110410.00ac7a90@pop.courtesymortgage.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jason Williams <jwilliams@courtesymortgage.com> writes: > This is going to sound incredibly new, but i've never understood how > to completely verify software that you download. > > For instance, a new Security Advisory was released today regarding the > shmat reference counting bug > > > One thing that I thought of when I was looking at this is the option > to d/l the patch, then patch your system. I also noticed that there > was, not only the patch you can download, but the .asc file which is > supposed to verify the software you download. > > So I wanted to know the methods available that you can use to verify > software that you d/l? > How about .asc? I have seen that one before, but not really familiar with it. > > I know you can also use md5 as well as gnupg. > > Anyone care to take a moment and enlighten me with the steps to verify > software? The .asc is a PGP signature of the patch file. It can be verified using GnuPG. The FreeBSD security officer's key was used to generate it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44d68s8827.fsf>