
List:       openpkg-cvs
Subject:    [CVS] OpenPKG: openpkg-web security.wml
From:       "Michael Schloh" <ms () openpkg ! org>
Date:       2002-01-31 17:29:41

  OpenPKG CVS Repository
  http://www.openpkg.org/cvsweb/cvsweb.cgi
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Michael Schloh
  Root:   /e/openpkg/cvs                   Email:  ms@openpkg.org
  Module: openpkg-web                      Date:   31-Jan-2002 18:29:41
  Branch: HEAD                             Handle: 2002013117294100

  Modified files:
    openpkg-web             security.wml

  Log:
    Cleanup and minor corrections.

  Summary:
    Revision    Changes     Path
    1.12        +12 -15     openpkg-web/security.wml
  ____________________________________________________________________________

  Index: openpkg-web/security.wml
  ============================================================
  $ cvs diff -u -r1.11 -r1.12 security.wml
  --- openpkg-web/security.wml	2002/01/31 15:05:27	1.11
  +++ openpkg-web/security.wml	2002/01/31 17:29:41	1.12
  @@ -5,8 +5,7 @@
   
   <h1>Security</h1>
   
  -OpenPKG takes security very seriously. 
  -Experience has shown that "security
  +OpenPKG takes security very seriously. Experience has shown that "security
   through obscurity" does not work. Public disclosure allows for more rapid and
   better solutions to security problems. In that vein, this page addresses
   OpenPKG's status with respect to various known security holes, which could
  @@ -49,7 +48,7 @@
   </ul>
   
   Older releases are not maintained and users are strongly encouraged to upgrade
  -to one of the supported releases mentioned above.  Like all development
  +to one of the supported releases mentioned above. Like all development
   efforts, security fixes are first brought into the OpenPKG-CURRENT branch.
   After a couple of days and some testing, the fix is retrofitted into the
   supported OpenPKG-STABLE branch(es).
  @@ -82,8 +81,7 @@
   OpenPKG releases</a>.
   
   <p>
  -In order to verify the digital signatures you first have to 
  -follow these steps:
  +In order to verify the digital signatures, follow these steps:
   
   <ol>
   <li><b>Install GnuPG</b>
  @@ -92,7 +90,7 @@
       install it by using the OpenPKG <a
       href="ftp://ftp.openpkg.org/release/1.0/SRC/gnupg-1.0.6-1.0.0.src.rpm">
       gnupg</a> package.
  -    Alternatively you can also fetch it from its official homepage <a
  +    Alternatively you can fetch it from its official homepage <a
       href="http://www.gnupg.org/">http://www.gnupg.org/</a> and build/install
       it manually. Then make sure the program <tt>gpg</tt> is in your
       <tt>$PATH</tt>. If you installed it via OpenPKG under <i>prefix</i>
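
Review bot: Both download routes in this list item, the "ftp://ftp.openpkg.org/..." package link and "http://www.gnupg.org/", are unauthenticated, and the step does not say how to check the GnuPG download itself, so the tool that every later verification step depends on is taken on trust. Consider adding a sentence that points readers to a checksum or signature for the GnuPG source they fetch. Style point on the changed line: "Alternatively" wants a comma after it.
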
  @@ -115,12 +113,12 @@
   <li><b>Verify the integrity of the imported OpenPKG public key</b>
       <p>
       You always should make sure the imported key is the correct one by
  -    verifying at least its finger-print. For this, run the following
  +    verifying at least its fingerprint. For this, run the following
       command:
       <p>
       <tt>$ gpg --fingerprint openpkg</tt>
       <p>
  -    Make sure it prints the following finger-print:
  +    Make sure it prints the following fingerprint:
       <p>
       <box bdspace=4 bgcolor="#f0f0f0">
       <b>6D96 EFCF CF75 3288 10DB &nbsp; 40C2 8075 93E0 63C4 CB9F</b></pre>
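
Review bot: The trailing context line closes the fingerprint with </pre>, but no opening <pre> is visible inside the <box> in this hunk; since this commit is a cleanup pass, check that the tag is balanced or drop it. In the same paragraph, "You always should make sure" reads better as "You should always make sure".
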
  @@ -134,9 +132,8 @@
       <ul>
       <li><b>Security Advisory Verification</b>
           <p>
  -        To verify
  -        a security advisory, just pipe the message through the following
  -        command:
  +        To verify a security advisory, just pipe the message through the
  +        following command:
           <p>
           <tt>$ gpg --verify</tt>
           <p>
  @@ -148,12 +145,12 @@
           <p>
           <tt>gpg: BAD signature from "OpenPKG &lt;openpkg@openpkg.org&gt;"</tt>
           <p>
  -        you can be sure the message was tampered or provided not by the
  +        you can be sure the message was tampered with or not provided by the
           OpenPKG project.
       <p>
       <li><b>RPM Distribution File Verification</b>
           <p>
  -        To verify an RPM file <i>name</i><tt>.rpm</tt> (both source or
  +        To verify a RPM file <i>name</i><tt>.rpm</tt> (both source or
           binary), run the following command on it:
           <p>
           <tt>$ rpm --checksig <i>name</i>.rpm</tt>
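
Review bot: The changed line "To verify a RPM file" replaces a correct article with a wrong one; "RPM" is read letter by letter, so the original "an RPM file" should stay. On the same line, "(both source or binary)" should be either "(either source or binary)" or "(both source and binary)".
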
  @@ -166,8 +163,8 @@
           <p>
           <tt><i>name</i>.rpm: md5 GPG NOT OK</tt>
           <p>
  -        you can be sure the RPM was tampered or provided not by the OpenPKG
  -        project.
  +        you can be sure the RPM was tampered with or not provided by the
  +        OpenPKG project.
       </ul>
   </ol>
   
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org