[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/08: doc: Encourage signature verification.

From: Ricardo Wurmus
Subject: 02/08: doc: Encourage signature verification.
Date: Sun, 25 Jun 2017 16:26:18 -0400 (EDT)

rekado pushed a commit to branch master
in repository guix.

commit 8ceffb2f34a5e8fe156f6e44e404f3eaafa6799a
Author: Ricardo Wurmus <address@hidden>
Date:   Fri Jun 23 09:24:58 2017 +0200

    doc: Encourage signature verification.
    * doc/contributing.texi (Submitting Patches): Remind contributors to verify
    cryptographic signatures.
 doc/contributing.texi | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index 925c584..0073f24 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -334,6 +334,12 @@ updates for a given software package in a single place and 
have them
 affect the whole system---something that bundled copies prevent.
+If the authors of the packaged software provide a cryptographic
+signature for the release tarball, make an effort to verify the
+authenticity of the archive.  For a detached GPG signature file this
+would be done with the @code{gpg --verify} command.
 Take a look at the profile reported by @command{guix size}
 (@pxref{Invoking guix size}).  This will allow you to notice references
 to other packages unwillingly retained.  It may also help determine

reply via email to

[Prev in Thread] Current Thread [Next in Thread]