
recipe #117, Source Code Managers: Signing files to allow users to check their authenticity

Users can only check the authenticity of files if these files are signed by their author(s). So it is important that developers sign their packages, especially software release tarballs.

Obviously, you need your own GPG key to sign files. We will not describe here how to create such a key: please read the GnuPG documentation.

It is best to create a "detached" signature (a signature stored as a separate file, not appended to the original file). You can do that by typing:

When it is done, you can upload both the file and the signature (ending with .sig).

You should make sure that your public key is available through Savane, by registering it at https://gna.org/my/admin/change.php?item=gpgkey

You could also propagate it to key servers with the following command:

If automated verification fails, you will receive a mail and suspicious files will be moved into subdirectories called /maybe-corrupted. So you'll be aware if someone who is not a member of your project alters your files.
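The signing step and the kind of check that catches an altered file, as an added example that is not part of the original recipe or of Savane's own verification code. It assumes GnuPG 2.1 or later; the function names, the throwaway key identity and the file name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the recipe): detached signing and verification.

# sign_release FILE: write a detached signature next to FILE as FILE.sig.
sign_release() {
    gpg --batch --yes --detach-sign --output "$1.sig" "$1"
}

# verify_release FILE: succeed only if FILE.sig is a good signature over FILE
# made by a key present in the current keyring.
verify_release() {
    gpg --batch --verify "$1.sig" "$1" 2>/dev/null
}

# demo: runs in a subshell with a throwaway keyring so the caller's real
# keyring is untouched. Key identity and file contents are constructed; the
# empty passphrase is for this throwaway key only.
demo() (
    work=$(mktemp -d) || exit 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || exit 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Demo Key <demo@example.invalid>' \
        default default never 2>/dev/null || exit 1

    f="$work/demo-1.0.tar.gz"
    printf 'constructed release contents\n' > "$f"
    sign_release "$f" 2>/dev/null || exit 1

    rc=0
    if verify_release "$f"; then echo "original: good signature"
    else echo "original: BAD signature"; rc=1; fi

    # Simulate someone altering the uploaded file after it was signed.
    printf 'altered after signing\n' >> "$f"
    if verify_release "$f"; then echo "altered: good signature"; rc=1
    else echo "altered: BAD signature"; fi

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    exit "$rc"
)

# Run the demonstration only when asked, e.g.: sh sign-demo.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

With your real key, only `sign_release` is needed before uploading; `verify_release` is what a downloader runs after importing your public key.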

Last update: Tue 31 Oct 2006 05:14:10 PM UTC
This recipe comes from Gna! User Docs

Audience and Context

Audience:
   All Project Members
Feature:
   Download Area
