[prev in list] [next in list] [prev in thread] [next in thread]
List: openpkg-cvs
Subject: [CVS] OpenPKG: openpkg-web security.wml
From: "Michael Schloh" <ms () openpkg ! org>
Date: 2002-01-31 17:29:41
[Download RAW message or body]
OpenPKG CVS Repository
http://www.openpkg.org/cvsweb/cvsweb.cgi
____________________________________________________________________________
Server: cvs.openpkg.org Name: Michael Schloh
Root: /e/openpkg/cvs Email: ms@openpkg.org
Module: openpkg-web Date: 31-Jan-2002 18:29:41
Branch: HEAD Handle: 2002013117294100
Modified files:
openpkg-web security.wml
Log:
Cleanup and minor corrections.
Summary:
Revision Changes Path
1.12 +12 -15 openpkg-web/security.wml
____________________________________________________________________________
Index: openpkg-web/security.wml
============================================================
$ cvs diff -u -r1.11 -r1.12 security.wml
--- openpkg-web/security.wml 2002/01/31 15:05:27 1.11
+++ openpkg-web/security.wml 2002/01/31 17:29:41 1.12
@@ -5,8 +5,7 @@
<h1>Security</h1>
-OpenPKG takes security very seriously.
-Experience has shown that "security
+OpenPKG takes security very seriously. Experience has shown that "security
through obscurity" does not work. Public disclosure allows for more rapid and
better solutions to security problems. In that vein, this page addresses
OpenPKG's status with respect to various known security holes, which could
@@ -49,7 +48,7 @@
</ul>
Older releases are not maintained and users are strongly encouraged to upgrade
-to one of the supported releases mentioned above. Like all development
+to one of the supported releases mentioned above. Like all development
efforts, security fixes are first brought into the OpenPKG-CURRENT branch.
After a couple of days and some testing, the fix is retrofitted into the
supported OpenPKG-STABLE branch(es).
@@ -82,8 +81,7 @@
OpenPKG releases</a>.
<p>
-In order to verify the digital signatures you first have to
-follow these steps:
+In order to verify the digital signatures, follow these steps:
<ol>
<li><b>Install GnuPG</b>
@@ -92,7 +90,7 @@
install it by using the OpenPKG <a
href="ftp://ftp.openpkg.org/release/1.0/SRC/gnupg-1.0.6-1.0.0.src.rpm">
gnupg</a> package.
- Alternatively you can also fetch it from its official homepage <a
+ Alternatively you can fetch it from its official homepage <a
href="http://www.gnupg.org/">http://www.gnupg.org/</a> and build/install
it manually. Then make sure the program <tt>gpg</tt> is in your
<tt>$PATH</tt>. If you installed it via OpenPKG under <i>prefix</i>
@@ -115,12 +113,12 @@
<li><b>Verify the integrity of the imported OpenPKG public key</b>
<p>
You always should make sure the imported key is the correct one by
- verifying at least its finger-print. For this, run the following
+ verifying at least its fingerprint. For this, run the following
command:
<p>
<tt>$ gpg --fingerprint openpkg</tt>
<p>
- Make sure it prints the following finger-print:
+ Make sure it prints the following fingerprint:
<p>
<box bdspace=4 bgcolor="#f0f0f0">
<b>6D96 EFCF CF75 3288 10DB 40C2 8075 93E0 63C4 CB9F</b></pre>
@@ -134,9 +132,8 @@
<ul>
<li><b>Security Advisory Verification</b>
<p>
- To verify
- a security advisory, just pipe the message through the following
- command:
+ To verify a security advisory, just pipe the message through the
+ following command:
<p>
<tt>$ gpg --verify</tt>
<p>
@@ -148,12 +145,12 @@
<p>
<tt>gpg: BAD signature from "OpenPKG <openpkg@openpkg.org>"</tt>
<p>
- you can be sure the message was tampered or provided not by the
+ you can be sure the message was tampered with or not provided by the
OpenPKG project.
<p>
<li><b>RPM Distribution File Verification</b>
<p>
- To verify an RPM file <i>name</i><tt>.rpm</tt> (both source or
+ To verify a RPM file <i>name</i><tt>.rpm</tt> (both source or
binary), run the following command on it:
<p>
<tt>$ rpm --checksig <i>name</i>.rpm</tt>
@@ -166,8 +163,8 @@
<p>
<tt><i>name</i>.rpm: md5 GPG NOT OK</tt>
<p>
- you can be sure the RPM was tampered or provided not by the OpenPKG
- project.
+ you can be sure the RPM was tampered with or not provided by the
+ OpenPKG project.
</ul>
</ol>
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic