Op woensdag 31 oktober 2012 20:45:30 schreef Marcel Kühlhorn:
On Wed, 2012-10-31 at 18:18 +0100, Marcel Kühlhorn wrote:
On Wed, 2012-10-31 at 13:37 +0100, Stephan Kulow wrote:
Hi,
Could someone please setup a wiki page (in case there isn't one yet), so we can add a link to software.o.o? That would be cool.
Greetings, Stephan
-------- Original Message -------- Subject: verify download Date: Wed, 31 Oct 2012 08:01:20 -0400 From: Tom Horsley <X@gmail.com> To: admin@opensuse.org
On the web page http://software.opensuse.org/122/en there is a section on verifying the download. I just spent an hour trying to discover how the hell to actually use the dadgum .asc file, how to download the signing key with --recv-key, etc.
Do you think you could link to some more detailed instructions there somewhere (cause I'm not gonna remember any of this by the time I want to verify the next release).
Thanks.
There is something at http://en.opensuse.org/SDB:Download_help#Checksums but that lacks the .asc method and needs some improvements, I'll look into it.
Done, now someone with the permissions needs to review and accept the changes.
I tried the gpg stuff and as such the commands do work. To verify the fingerprint the command gpg --fingerprint "openSUSE Project Signing Key <opensuse@opensuse.org>" should be added. I also tried gpg -a "openSUSE-12.2-DVD-x86_64.iso.asc" and the result is: gpg: Signature made Thu Aug 30 12:02:40 2012 CEST using RSA key ID 3DBDC284 gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284 Something should be added about the warning. -- fr.gr. Freek de Kruijf -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org