[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] r25371: {website} Specify the bundle on the GPG command line, to block an easy (website/trunk/docs/en)



Author: rransom
Date: 2012-02-02 04:25:38 +0000 (Thu, 02 Feb 2012)
New Revision: 25371

Modified:
   website/trunk/docs/en/verifying-signatures.wml
Log:
Specify the bundle on the GPG command line, to block an easy attack

Otherwise, They can put a message with an attached signature in the .asc
file, and GPG will call it good.


Modified: website/trunk/docs/en/verifying-signatures.wml
===================================================================
--- website/trunk/docs/en/verifying-signatures.wml	2012-02-01 22:33:14 UTC (rev 25370)
+++ website/trunk/docs/en/verifying-signatures.wml	2012-02-02 04:25:38 UTC (rev 25371)
@@ -97,7 +97,7 @@
     to download the ".asc" file as well. Assuming you downloaded the
     package and its signature to your Desktop, run:</p>
 
-    <pre>C:\Program Files\Gnu\GnuPg\gpg.exe --verify C:\Users\Alice\Desktop\<file-win32-bundle-stable>.asc</pre>
+    <pre>C:\Program Files\Gnu\GnuPg\gpg.exe --verify C:\Users\Alice\Desktop\<file-win32-bundle-stable>.asc C:\Users\Alice\Desktop\<file-win32-bundle-stable></pre>
 
     <p>The output should say "Good signature": </p>
 
@@ -153,7 +153,7 @@
     to download the ".asc" file as well. Assuming you downloaded the
     package and its signature to your Desktop, run:</p>
 
-    <pre>gpg --verify /Users/Alice/<file-osx-x86-bundle-stable>.asc</pre>
+    <pre>gpg --verify /Users/Alice/<file-osx-x86-bundle-stable>{.asc,}</pre>
 
     <p>The output should say "Good signature": </p>
 

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits