|
From: | carl hansen |
Subject: | bug#22276: .sig |
Date: | Wed, 30 Dec 2015 16:19:05 -0800 |
ftp://....
’2,"As usual, make sure to download the associated .sig file and to verify the authenticity of the tarball against it!"
For those who know what you mean by that, the footnote is superfluous, for those who don't know, it is opaque. I do the usual investigation, come up with
gpg --verify guix-binary-0.9.0.x86_64-linux.tar.xz.sig
gpg: armor header: Version: GnuPG v2
gpg: assuming signed data in `guix-binary-0.9.0.x86_64-linux.tar.xz'
gpg: Signature made Wed 04 Nov 2015 10:23:38 AM PST using RSA key ID 3D9AEBB5
gpg: Can't check signature: public key not found
after reading the gpg man page, with its multivarous options. So now I need
"gpg --import *.asc" is how you import it into the public keyring
But now I have to find the .asc file...
**UNIX, world's largest Adventure game** as we used to say 30 years ago.
Is there some reason the actual command line to verify the sig cannot be put into the manual?
[Prev in Thread] | Current Thread | [Next in Thread] |