[prev in list] [next in list] [prev in thread] [next in thread]
List: openpkg-cvs
Subject: [CVS] OpenPKG: openpkg-web index.wml openpkg.pgp security.wml
From: "Ralf S. Engelschall" <rse () openpkg ! org>
Date: 2002-01-31 12:15:51
[Download RAW message or body]
OpenPKG CVS Repository
http://www.openpkg.org/cvsweb/cvsweb.cgi
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: rse@openpkg.org
Module: openpkg-web Date: 31-Jan-2002 13:15:51
Branch: HEAD Handle: 2002013112155000
Modified files:
openpkg-web index.wml openpkg.pgp security.wml
Log:
update our OpenPGP stuff for our new and final key
Summary:
Revision Changes Path
1.24 +4 -3 openpkg-web/index.wml
1.2 +29 -29 openpkg-web/openpkg.pgp
1.8 +5 -6 openpkg-web/security.wml
____________________________________________________________________________
Index: openpkg-web/index.wml
============================================================
$ cvs diff -u -r1.23 -r1.24 index.wml
--- openpkg-web/index.wml 2002/01/12 12:03:21 1.23
+++ openpkg-web/index.wml 2002/01/31 12:15:50 1.24
@@ -90,7 +90,7 @@
<newsflash from="events.txt" max=5 nohead more="events.html">
<p>
-<b>Distribution File Signing:</b>
+<b>OpenPGP Signing:</b>
<p>
The following <a href="http://www.openpgp.org/">OpenPGP</a> key is used to
sign OpenPKG distribution files and security advisories. You can download it
@@ -104,8 +104,9 @@
<p>
<box bdspace=4 bgcolor="#f0f0f0">
<pre>
-pub 1024D/113E6CFC 2001-11-25 The OpenPKG Project <openpkg@openpkg.org>
- Key fingerprint = 8D99 3BBD 6420 7D81 4625 EEC2 463B E53A 113E 6CFC</pre>
+pub 1024D/63C4CB9F 2002-01-31 OpenPKG <openpkg@openpkg.org>
+Key fingerprint = <b>6D96 EFCF CF75 3288 10DB 40C2 8075 93E0 63C4 CB9F</b>
+</pre>
</box>
<p>
Index: openpkg-web/openpkg.pgp
============================================================
$ cvs diff -u -r1.1 -r1.2 openpkg.pgp
--- openpkg-web/openpkg.pgp 2001/11/25 16:48:43 1.1
+++ openpkg-web/openpkg.pgp 2002/01/31 12:15:50 1.2
@@ -1,37 +1,37 @@
The following OpenPGP key is used to sign OpenPKG distribution
files. Its official URL is http://www.openpkg.org/openpkg.pgp
-pub 1024D/113E6CFC 2001-11-25 The OpenPKG Project <openpkg@openpkg.org>
- Key fingerprint = 8D99 3BBD 6420 7D81 4625 EEC2 463B E53A 113E 6CFC
+pub 1024D/63C4CB9F 2002-01-31 OpenPKG <openpkg@openpkg.org>
+ Key fingerprint = 6D96 EFCF CF75 3288 10DB 40C2 8075 93E0 63C4 CB9F
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6
-Comment: The OpenPKG Project <openpkg@openpkg.org>
+Comment: OpenPGP Public Key
+Comment: OpenPKG <openpkg@openpkg.org>
-mQGiBDwA8pgRBADnJ3bY39+OVUc5UrT7+kfODy64o5OTcbzK+/YoZJRoeP6W5YEo
-jlP6RE/ll8hZwh43yoUbHKs/oMs6V8zlnO/dQso2+CghrWy1lYji+S6W/L/MiGJj
-dbxd9n619S40QeqT7doiUN6705JxAcXcY7u6sWPzwuO2jNynmgqHGSvLxwCgn3y8
-+DMzsGprn1wO5l+l9ViM0TMEAKDjGHKgpRuGT/TTVSWDC73v5/jRuUS8iRWydnPs
-wWQXqzKuwL30IAPODx9SqqQ1lZLM3/LQXheAx5o0+M68xbITJEm6kkQ5BvtXx7/3
-Hc5MqU02NUPCgNoIYYeyN3BA+20ZcfwUXDpcKIvoqYer7Pywegejobn0Rl2Ipbwi
-z/EXBAC6duRcRDcgBlKW2NUw05A4rBGN5J1If3NKBuE60eKiARcl9q8kZ4Mxhjn4
-RyYTDfy0X13LDqPjrwKU1VsK4obwirG4Stz47be497FbFmAZe0dopPAas9eJsqZl
-DRhOTBKY5IXutaTab9y42Fsotbm5dvbH+k8+YJldYRwaSaqxBrQpVGhlIE9wZW5Q
-S0cgUHJvamVjdCA8b3BlbnBrZ0BvcGVucGtnLm9yZz6IVwQTEQIAFwUCPADymAUL
-BwoDBAMVAwIDFgIBAheAAAoJEEY75ToRPmz8r2MAn3OWcn7uFah7wyvZxKC30yya
-zO6VAJ99O2RjptumPzLMgm3IEfH9VLcqmbkCDQQ8APKxEAgAz7rhnSF0adRkmBK+
-qW2OiWPzMHG3rzTGZ+H7W4lI8PhZXcISwGoBIyTNkX4iL6WqJ/KMFqFocXbp2tCm
-Tjtcqh8009VbXJjUyYR2rOWJ6xA/ldTCcX9pxR6Ig7bQvboTvcyO4Adtlao9ibrX
-ZRNa9NmVY1OptOeUY1qtCchScMZRJiOlNgIIe0DQQaftrsRMIbR8Xatsup+Xpi7a
-Do1LVMXjOfmzs9FfP43MU2IXbjX5Do0bxda4bmw0+iy8HhM4YyYDvIBOcesXxfGE
-1hnJ9iDkfGdPWqogBRoUrgbISHrhtRY6FRPwQ6pwvM6/c/BBdOp7PewtWjjheIGx
-ctFBqwADBQf/SRUsZvw/xHnD7sSz/X/YsAd0Q6MAeDPKjWklhSoYUV11VlUPXviz
-gU5+8ycqCxA4sRC/je9gSnf/HKhcqx/0dGk05Iq2QftMFEXpiFIm/KBIc8AQPamS
-3/ccy1LJsCQROqxxvPTKP+EiidztG7CRRIyJfRWf/afbnU4E6bTYHDHupyD6+j2H
-hrTRh0iGKA6KAGJ7Ejp3MTYSJNPukwjEc76CxOnCWQgXDDk6OqZfSnivHEwcsYFp
-8iMFp0w6e3RQ113fspaeiBIZz0491gQ7m8Qn7YlXSf4aBw53wbSgaG9MNIZdxPJQ
-hGg7NlldzKZXH7iqu/kIaFG2vD1IaEchnohGBBgRAgAGBQI8APKxAAoJEEY75ToR
-Pmz895cAoIIt72pMitCW4VeG98UC7u4n77cUAKCY71APcp84rvUDJoe8y8DR4zh5
-/g==
-=+QA4
+mQGiBDxZHtoRBADCER9+ncfA7yi5ZyCrgmQwbPjvdAPFnVrUVIiFcvBH5qWpoVOG
+l3BG+fI2DZEO07Lz9Z/IHTE9iTgrV9Dh278oZuK+UW7jBovByjHCJd875diSU7Od
+SaujLBnvDRbAfcgG/kRJI5G8Pmfd39RViQBdw1MZ5ZnHoM810peUv3RLawCg+msN
+ORnJ7JHnEpnrhxOQ1S1cBSMD/0skJcwYn4ORXBCUSpBqzk2Haoch7Eko//H3fQqT
+gA/SVGxcMteFCtoqHbowsfHdeNOyEkjf4umcdJo9Yiwk65oHGwBuvqhsTpQ7mzRq
+dLVAFlpU8pecMfT3ZWCnB+7UfFIzZYemu1RbX5Hn9/kmK9kvu1djmqL+XMlhtS66
+4XH5A/4q7EdCHgrskxViW2MYfINkfWxwYaHv/9UsnmFQXb6Lm6FfU9icNaYieRv1
+yJTAOo+G7m+JEXnXJPv2wiVs0xzI0Ni0WWJo/ILihFGxwma7+auICUYmncnimWkl
+cWAMEspKb439f1j6X3ABQNXsf1li+w3ro7yjpaI2gr5fGX1UU7QdT3BlblBLRyA8
+b3BlbnBrZ0BvcGVucGtnLm9yZz6IVwQTEQIAFwUCPFke2gULBwoDBAMVAwIDFgIB
+AheAAAoJEIB1k+BjxMufXz8An0zGGFWZlQWMumfQ9GX16GNRh5MoAKCqw7xmuDN5
+jWVoSUiDOJlRf3LVL7kCDQQ8WR7iEAgApQrOX0sAWmlKNAwyxUyNbmgBnyqSIcI+
+d8u81kuuOEPpEsiPOG5YI/Bc5osrTGT2q4hdTX9nETqXXRGe+Hu0czHADMS5stPJ
+bSlBVg4VaiKkSTElssiNLNMWPb51UTP/mPYOa7zOhkhXrg49WnvizNBZdurGoLpr
+YDBIo7XW1k8QwJe43xn/GWO8pwTMDr/UUfEPZcSOqdWpkXB9OzPNiq3S+Armnv81
+FakrGCmRWDq4AWtmy2AVpQlcrkG0tQVq0QhFvz8yZ1lKbilrwEIYIEp56wF4k7D9
+t0Vpbi2RhbD/dcfgDN7E+DmEL4VHXBXIz63fnH4duebLTRLV7Qj+ewADBQf/Us7j
+pY8n6jidAE3PtSy3rB+pN2+tzMtov6A+Zx2GHRefM9AwDLe6PRgJTVVQE9WTreuY
+N33y3hf1PvYVBqhxAr031QqCHh1QdvrCJS0qUZk90it3EXUgAyRkD6vJobnsTkqH
+aO1Ndqx8hQFYjpC5Fh3QVNKz4uACwjWPKTkRdihR5clfqIcZ9Mor8A3FBlYA7C8w
++O08uA+OTOmz9CrQlpwRUqaOKRepatv+MMYC4L/CtZEYUvc+fzm3XUYjolZGQiJQ
+T4Kr1XC4sIy22V/oB3dWaJtAbHiTnEmuccn0Q8cOO+K1pZPlTjRjx0E9ZEoy4AXc
+ataTO6Zyzcp2OkHyAYhGBBgRAgAGBQI8WR7iAAoJEIB1k+BjxMufQCwAoMk2qYPz
+k/zbdWHw3BNDlsgo3iUCAJ9uDTvjgw87W5VP02WcgqtZzfLPhQ==
+=vXJp
-----END PGP PUBLIC KEY BLOCK-----
Index: openpkg-web/security.wml
============================================================
$ cvs diff -u -r1.7 -r1.8 security.wml
--- openpkg-web/security.wml 2002/01/12 11:45:49 1.7
+++ openpkg-web/security.wml 2002/01/31 12:15:50 1.8
@@ -6,7 +6,6 @@
<h1>Security</h1>
OpenPKG takes security very seriously.
-# Most security problems brought to our attention are corrected within 48 hours.
Experience has shown that "security
through obscurity" does not work. Public disclosure allows for more rapid and
better solutions to security problems. In that vein, this page addresses
@@ -94,13 +93,13 @@
<li><b>Import the OpenPKG's OpenPGP public key</b>
<p>
You can import the <a href="http://www.openpgp.org/">OpenPGP</a> public
- key of "The OpenPKG Project <openpkg@openpkg.org>" into your
+ key of "OpenPKG <openpkg@openpkg.org>" into your
key-ring in one of the following ways:
<ul>
<li>Directly from the master location (preferred):<br>
<tt>$ lynx -source http://www.openpkg.org/openpkg.pgp | gpg --import</tt>
<li>From the keyserver of the PGP network:<br>
- <tt>$ gpg --recv-keys --keyserver keyserver.pgp.com 113E6CFC</tt>
+ <tt>$ gpg --recv-keys --keyserver keyserver.pgp.com 63C4CB9F</tt>
<li>From an existing OpenPKG hierarchy:<br>
<tt>$ gpg --import <i>prefix</i>/etc/openpkg/openpkg.pgp</tt>
</ul>
@@ -116,7 +115,7 @@
Make sure it prints the following finger-print:
<p>
<box bdspace=4 bgcolor="#f0f0f0">
- <b>8D99 3BBD 6420 7D81 4625 EEC2 463B E53A 113E 6CFC</b></pre>
+ <b>6D96 EFCF CF75 3288 10DB 40C2 8075 93E0 63C4 CB9F</b></pre>
</box>
<p>
<li><b>Verify the security advisory or distribution files</b>
@@ -135,11 +134,11 @@
<p>
Make sure it successfully responds with
<p>
- <tt>gpg: Good signature from "The OpenPKG Project <openpkg@openpkg.org>"</tt>
+ <tt>gpg: Good signature from "OpenPKG <openpkg@openpkg.org>"</tt>
<p>
If instead it responds with (or something else):
<p>
- <tt>gpg: BAD signature from "The OpenPKG Project <openpkg@openpkg.org>"</tt>
+ <tt>gpg: BAD signature from "OpenPKG <openpkg@openpkg.org>"</tt>
<p>
you can be sure the message was tampered or provided not by the
OpenPKG project.
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic