I've not submitted a PR because I don't know how the signer would like this to be specified.
I downloaded https://github.com/notqmail/notqmail/releases/download/notqmail-1.08/notqmail-1.08.tar.gz and https://github.com/notqmail/notqmail/releases/download/notqmail-1.08/notqmail-1.08.tar.gz.sig recently. I wanted to verify the gzipped tarball according to the signature but there was no link to the public key so that I can use gpg --verify to use public-key cryptography to verify the download.
I ended up asking around in IRC, then doing a Google search for a username that I don't know anything about. I'm new to the qmail world. I ended up finding the (apparently) real name of the person who signed the tarball. I then searched for their name on Google to find their public key fingerprint, and finally used gpg --search-keys to download the public key from a keyserver while hoping that the public keyserver system is presently working.
I know how to use GPG. The problem was that I didn't know which public key to install to verify the signature. It would be very useful to include this in the installation instructions.
Like I mentioned, I would have written the PR myself, but it's not my key and after a recent conversation in #qmail on Freenode, it seems to me that it would be better to leave this to the signer. I would be happy to help write this piece of documentation, however, so if I can help, let me know.
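What a published fingerprint would let a reader do, as an added example (not part of the original issue and not notqmail's own tooling): accept the tarball only when `gpg --verify` reports a valid signature from one pinned key, instead of trusting whichever key a keyserver search returns. `PINNED_FPR`, `check_status`, `verify_release` and the sample status lines are assumptions constructed for illustration; the signer's real fingerprint is not given on this page.

```shell
#!/bin/sh
# PINNED_FPR is a placeholder: the issue does not state the signer's
# fingerprint, so it has to come from the project's documentation.
PINNED_FPR="${PINNED_FPR:-REPLACE_WITH_SIGNER_FINGERPRINT}"

# check_status FPR: read `gpg --status-fd` lines on stdin. Succeed only when
# a VALIDSIG line names FPR as signing key (field 3) or primary key (field 12)
# and gpg reported no bad, unverifiable, expired-key or revoked-key signature.
check_status() {
    awk -v want="$1" '
        BEGIN { w = toupper(want) }
        $1 == "[GNUPG:]" {
            if ($2 == "VALIDSIG" && w != "" &&
                (toupper($3) == w || toupper($12) == w)) ok = 1
            if ($2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/) bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_release TARBALL SIG: check a detached signature and apply the pin.
# gpg's own exit status is ignored; the parsed status lines decide.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        check_status "$PINNED_FPR"
}

# Constructed sample of gpg status output (fingerprint and dates are made up).
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2020-01-01 1577836800 0 4 0 1 10 00 $SAMPLE_FPR"

# Usage: PINNED_FPR=<fingerprint> sh verify.sh notqmail-1.08.tar.gz notqmail-1.08.tar.gz.sig
if [ "$#" -eq 2 ]; then
    if verify_release "$1" "$2"; then
        echo "OK: valid signature from $PINNED_FPR"
    else
        echo "REJECTED: no valid signature from the pinned key" >&2
        exit 1
    fi
fi
```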