[system-administrators-guide] Edited the Checking a Package's Signature section for clarity.
jhradile
jhradile at fedoraproject.org
Mon Oct 22 14:30:52 UTC 2012
commit bec6b389e7e9b6e8c0c9e4e774783c8a291fb4fa
Author: Jaromir Hradilek <jhradilek at redhat.com>
Date: Mon Oct 22 13:40:13 2012 +0200
Edited the Checking a Package's Signature section for clarity.
en-US/RPM-Checking_Package_Signatures-Fedora.xml | 9 +++------
1 files changed, 3 insertions(+), 6 deletions(-)
---
diff --git a/en-US/RPM-Checking_Package_Signatures-Fedora.xml b/en-US/RPM-Checking_Package_Signatures-Fedora.xml
index a9e2167..0292dac 100644
--- a/en-US/RPM-Checking_Package_Signatures-Fedora.xml
+++ b/en-US/RPM-Checking_Package_Signatures-Fedora.xml
@@ -9,12 +9,9 @@
<primary>RPM</primary>
<secondary>md5sum</secondary>
</indexterm>
- <para>If you wish to verify that a package has not been corrupted or tampered with, you can examine just the md5sum by entering this command at the shell prompt (where <replaceable><rpm_file></replaceable> is the file name of the RPM package):</para>
- <screen>
-<command>rpm -K --nosignature <replaceable><rpm_file></replaceable>
- </command>
- </screen>
- <para>The output <computeroutput><replaceable><rpm_file></replaceable>: rsa sha1 (md5) pgp md5 OK</computeroutput> (specifically the <emphasis>OK</emphasis> part of it) indicates that the file was not corrupted during download. To see a more verbose message, replace <option>-K</option> with <option>-Kvv</option> in the command.</para>
+ <para>To verify that a package has not been corrupted or tampered with, examine the checksum by typing the following command at a shell prompt (where <replaceable><rpm_file></replaceable> is the file name of the RPM package):</para>
+ <screen><command>rpm -K --nosignature <replaceable><rpm_file></replaceable></command></screen>
+ <para>If the message <computeroutput><replaceable><rpm_file></replaceable>: sha1 md5 OK</computeroutput> (specifically the <emphasis>OK</emphasis> part of it) is displayed, the file was not corrupted during download. To see a more verbose message, replace <option>-K</option> with <option>-Kvv</option> in the command.</para>
<para>On the other hand, how trustworthy is the developer who created the package? If the package is <firstterm>signed</firstterm> with the developer's GnuPG <firstterm>key</firstterm>, you know that the developer really is who they say they are.</para>
<indexterm
significance="normal">
More information about the docs-commits
mailing list