[Nut-upsuser] Checking NUT signature (was: NUT public key?)
Arnaud Quette
aquette.dev at gmail.com
Fri Jan 27 22:19:35 UTC 2006
2006/1/27, Matthew.van.Eerde at hbinc.com <Matthew.van.Eerde at hbinc.com>:
>
> I've successfully installed and configured NUT on my test machine and am
> moving it into production.
>
> http://www.networkupstools.org/source.html offers some good advice... "You
> should always use PGP/GPG to verify the signatures before using any source
> code"
>
> But where can I find the public key that was used to sign the source?
It's not on any key servers I've been able to query.
>
>
I have the complete website rewrite underway [1], which will add a link on
the ref you cited, stating:
8<---------------------------------------------------------------------------------------------
To verify the source signature of the source code:
1) Download the nut-X.Y.Z.tar.gz and nut-X.Y.Z.tar.gz.sig
2) Import the NUT maintainer GPG key:
$> gpg --keyserver keyring.debian.org --recv-key 204DDF1B
3) call GPG to verify the key:
$> gpg --verify nut-X.Y.Z.tar.gz.sig nut-X.Y.Z.tar.gz
You should see some information, and most of all a "Good signature from ..."
message.
Otherwise, something went wrong. So you should retry to download NUT, and
apply this procedure again!
8<---------------------------------------------------------------------------------------------
thanks for the feedback,
Arnaud
--
[1]
--
Linux / Unix Expert - MGE UPS SYSTEMS - R&D Dpt
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/
Debian Developer - http://people.debian.org/~aquette/
OpenSource Developer - http://arnaud.quette.free.fr/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/nut-upsuser/attachments/20060127/c798958b/attachment.html
More information about the Nut-upsuser
mailing list