-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: update README with SHASUMS256.txt.sig info #15107
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SGTM.
Ping @rvagg |
beautiful work! this is exactly what's needed, thanks for contributing this. My only one ask is that you make sure you keep the line lengths of non-breakable text to 80 characters maximum as that's the standard for this file. |
README.md
Outdated
|
||
To verify a SHASUMS256.txt.asc, you will first need to import all of | ||
the GPG keys of individuals authorized to create releases. They are | ||
To verify SHASUMS256.txt has not been altered, you will first need to import all |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
81 chars I think, need to break this to <=80
README.md
Outdated
``` | ||
|
||
After downloading the appropriate SHASUMS256.txt and SHASUMS256.txt.sig files, | ||
you can then use `gpg --verify SHASUMS256.txt.sig SHASUMS256.txt` to verify that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
81 chars again
It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig than SHASUMS256.txt.asc. [This comment](nodejs#6821 (comment)) does the best job at explaining the issue. Refs: nodejs#6821, nodejs#9071
42a7ee0
to
97e0b32
Compare
updated @rvagg |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sweet 👌
Landed @ c1fce1e, marking for backport to LTS |
It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig than SHASUMS256.txt.asc. This comment does the best job at explaining the issue: #6821 (comment) Refer: #6821 Refer: #9071 PR-URL: #15107 Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: James Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig than SHASUMS256.txt.asc. This comment does the best job at explaining the issue: #6821 (comment) Refer: #6821 Refer: #9071 PR-URL: #15107 Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: James Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig than SHASUMS256.txt.asc. This comment does the best job at explaining the issue: #6821 (comment) Refer: #6821 Refer: #9071 PR-URL: #15107 Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: James Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig than SHASUMS256.txt.asc. This comment does the best job at explaining the issue: #6821 (comment) Refer: #6821 Refer: #9071 PR-URL: #15107 Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: James Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig
than SHASUMS256.txt.asc.
This comment does the best job at explaining the issue.
Refs: #6821, #9071
Checklist
Affected core subsystem(s)
doc