Alexander Dalloz alexander.dalloz at
Fri Jul 23 14:37:34 UTC 2004

Am Fr, den 23.07.2004 schrieb John Dangler um 16:11:

Preface: why do you fiddle around with the source tarballs? Apache2 is
available in version 2.0.50 for FC1 and FC2.

> Is there a 'preferred' method of validating/using keys?

Install the GPG key of the repository manager into your rpm database and
validate packages against that key.

> I had a recommendation earlier for using gnugpg (although I'm somewhat new
> to Linux, so I'm still learning about keys and usage), but I just downloaded
> a fresh copy of Apache and they recommend validating using either pgp/gpg or
> md5.

md5sum foo
--> will print out a md5 sum which you can compare with the given md5
sum on the website for the download.

For GPG/PGP keys use gpg command to verify the signature. The Apache
site for instance explains the needed steps in detail:

> John Dangler


Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 
Serendipity 16:28:04 up 1 day, 1:16, load average: 0.16, 0.26, 0.25 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : 

More information about the users mailing list