Skip Menu |
 

From: "Reagan, Dan" <dan_reagan@mentor.com>
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject: Documentation__For users
Date: Thu, 29 May 2014 19:35:48 +0000

It would be really nice if you could document how to validate the PGP signature associated with a particular release.

 

After more than an hour of searching, I’ve found no way to validate the release provided.

 

I also note after searching the ‘net that there are many others having the same problems.

 

 

-------------------

Dan S. Reagan

Licensing Software Engineer

Mentor Graphics Corporation

Phone: 503.685.1884

Fax: 503.685.1461

 

[dan_reagan@mentor.com - Thu May 29 15:52:56 2014]:

Show quoted text
> It would be really nice if you could document how to validate the PGP
> signature associated with a particular release.
>
> After more than an hour of searching, I've found no way to validate
> the release provided.
>
> I also note after searching the 'net that there are many others having
> the same problems.

The page http://web.mit.edu/kerberos/krb5-latest/doc/build/index.html discusses the
structure of the distribution tarball, and mentions that a PGP signature file is included.

The subject of this ticket mentions the "For users" document, though -- would you have been
helped (even partially) by a link to the "Building Kerberos V5" document from the "For users"
document?

Is the core issue that there is no documentation for how to actually verify the PGP signature on
the tar file, as "MIT highly recommends that you [do]"?
From: "Reagan, Dan" <dan_reagan@mentor.com>
To: "rt-comment@krbdev.mit.edu" <rt-comment@krbdev.mit.edu>
Subject: RE: [krbdev.mit.edu #7927] Documentation__For users
Date: Fri, 13 Jun 2014 23:06:39 +0000
RT-Send-Cc:
Download (untitled) / with headers
text/plain 1.2KiB

 

Is the core issue that there is no documentation for how to actually verify the PGP signature on the tar file, as "MIT highly recommends that you [do]"?

 

YES

 

-----Original Message-----
From: Benjamin Kaduk via RT [mailto:rt-comment@krbdev.mit.edu]
Sent: Friday, June 13, 2014 11:29 AM
To: Reagan, Dan
Subject: [krbdev.mit.edu #7927] Documentation__For users

 

[dan_reagan@mentor.com - Thu May 29 15:52:56 2014]:

 

> It would be really nice if you could document how to validate the PGP

> signature associated with a particular release.

>

> After more than an hour of searching, I've found no way to validate

> the release provided.

>

> I also note after searching the 'net that there are many others having

> the same problems.

 

The page http://web.mit.edu/kerberos/krb5-latest/doc/build/index.html discusses the structure of the distribution tarball, and mentions that a PGP signature file is included.

 

The subject of this ticket mentions the "For users" document, though -- would you have been helped (even partially) by a link to the "Building Kerberos V5" document from the "For users"

document?

 

Is the core issue that there is no documentation for how to actually verify the PGP signature on the tar file, as "MIT highly recommends that you [do]"?

From: tlyu@mit.edu
Subject: git commit

Better document how to verify PGP signature

Add text clarifying our unusual packaging of the PGP signature inside
a tar file.

https://github.com/krb5/krb5/commit/fa4138c7853487105ab3c54e6d176c45eaf8b065
Author: Tom Yu <tlyu@mit.edu>
Commit: fa4138c7853487105ab3c54e6d176c45eaf8b065
Branch: master
doc/build/index.rst | 24 ++++++++++++++----------
1 files changed, 14 insertions(+), 10 deletions(-)
From: "Reagan, Dan" <dan_reagan@mentor.com>
To: "rt-comment@krbdev.mit.edu" <rt-comment@krbdev.mit.edu>
Subject: RE: [krbdev.mit.edu #7927] git commit
Date: Tue, 14 Oct 2014 21:23:55 +0000
RT-Send-Cc:
EXACTLY what I was looking for.

Thanks!

Show quoted text
-----Original Message-----
From: Tom Yu via RT [mailto:rt-comment@krbdev.mit.edu]
Sent: Tuesday, October 14, 2014 2:06 PM
To: Reagan, Dan
Subject: [krbdev.mit.edu #7927] git commit


Better document how to verify PGP signature

Add text clarifying our unusual packaging of the PGP signature inside a tar file.

https://github.com/krb5/krb5/commit/fa4138c7853487105ab3c54e6d176c45eaf8b065
Author: Tom Yu <tlyu@mit.edu>
Commit: fa4138c7853487105ab3c54e6d176c45eaf8b065
Branch: master
doc/build/index.rst | 24 ++++++++++++++----------
1 files changed, 14 insertions(+), 10 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Better document how to verify PGP signature

Add text clarifying our unusual packaging of the PGP signature inside
a tar file.

(cherry picked from commit fa4138c7853487105ab3c54e6d176c45eaf8b065)

https://github.com/krb5/krb5/commit/0d551dad36c5d91a93f1a8dd70bee25fb10c42aa
Author: Tom Yu <tlyu@mit.edu>
Commit: 0d551dad36c5d91a93f1a8dd70bee25fb10c42aa
Branch: krb5-1.13
doc/build/index.rst | 24 ++++++++++++++----------
1 files changed, 14 insertions(+), 10 deletions(-)