httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j...@apache.org
Subject svn commit: r1334829 - /httpd/site/trunk/content/dev/verification.mdtext
Date Sun, 06 May 2012 23:27:09 GMT
Author: joes
Date: Sun May  6 23:27:09 2012
New Revision: 1334829

URL: http://svn.apache.org/viewvc?rev=1334829&view=rev
Log:
indent

Modified:
    httpd/site/trunk/content/dev/verification.mdtext

Modified: httpd/site/trunk/content/dev/verification.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/dev/verification.mdtext?rev=1334829&r1=1334828&r2=1334829&view=diff
==============================================================================
--- httpd/site/trunk/content/dev/verification.mdtext (original)
+++ httpd/site/trunk/content/dev/verification.mdtext Sun May  6 23:27:09 2012
@@ -41,41 +41,41 @@ successfully.
 
 First, we will check the detached signature ( `httpd-2.0.44.tar.gz.asc` )
 against our release ( `httpd-2.0.44.tar.gz` ).
-`
-% gpg httpd-2.0.44.tar.gz.asc
-gpg: Signature made Sat Jan 18 07:21:28 2003 PST using DSA key ID DE885DD3
-gpg: Can't check signature: public key not found
-` 
+
+    % gpg httpd-2.0.44.tar.gz.asc
+    gpg: Signature made Sat Jan 18 07:21:28 2003 PST using DSA key ID DE885DD3
+    gpg: Can't check signature: public key not found
+
 We don't have the release manager's public key ( `DE885DD3` ) in our local
 system. You now need to retrieve the public key from a key server. One
 popular server is `pgpkeys.mit.edu` (which has a [web
 interface](http://pgp.mit.edu/) ). The public key servers are linked
 together, so you should be able to connect to any key server.
-`
-% gpg --keyserver pgpkeys.mit.edu --recv-key DE885DD3
-gpg: requesting key DE885DD3 from HKP keyserver pgpkeys.mit.edu
-gpg: trustdb created
-gpg: key DE885DD3: public key "Sander Striker <striker@apache.org>"
-imported
-gpg: Total number processed: 1
-gpg:		   imported: 1
-` 
+
+    % gpg --keyserver pgpkeys.mit.edu --recv-key DE885DD3
+    gpg: requesting key DE885DD3 from HKP keyserver pgpkeys.mit.edu
+    gpg: trustdb created
+    gpg: key DE885DD3: public key "Sander Striker <striker@apache.org>"
+    imported
+    gpg: Total number processed: 1
+    gpg:		   imported: 1
+
 In this example, you have now received a public key for an entity known as
 'Sander Striker <striker@apache.org>' However, you have no way of
 verifying this key was created by the person known as Sander Striker. But,
 let's try to verify the release signature again.
-`
-% gpg httpd-2.0.44.tar.gz.asc
-gpg: Signature made Sat Jan 18 07:21:28 2003 PST using DSA key ID DE885DD3
-gpg: Good signature from "Sander Striker <striker@apache.org>"
-gpg:		     aka "Sander Striker <striker@striker.nl>"
-gpg: checking the trustdb
-gpg: no ultimately trusted keys found
-gpg: WARNING: This key is not certified with a trusted signature!
-gpg:	      There is no indication that the signature belongs to the
-owner.
-Fingerprint: 4C1E ADAD B4EF 5007 579C  919C 6635 B6C0 DE88 5DD3
-` 
+
+    % gpg httpd-2.0.44.tar.gz.asc
+    gpg: Signature made Sat Jan 18 07:21:28 2003 PST using DSA key ID DE885DD3
+    gpg: Good signature from "Sander Striker <striker@apache.org>"
+    gpg:		     aka "Sander Striker <striker@striker.nl>"
+    gpg: checking the trustdb
+    gpg: no ultimately trusted keys found
+    gpg: WARNING: This key is not certified with a trusted signature!
+    gpg:	      There is no indication that the signature belongs to the
+    owner.
+    Fingerprint: 4C1E ADAD B4EF 5007 579C  919C 6635 B6C0 DE88 5DD3
+
 At this point, the signature is good, but we don't trust this key. A good
 signature means that the file has not been tampered. However, due to the
 nature of public key cryptography, you need to additionally verify that key
@@ -98,13 +98,13 @@ an official representative of the Apache
 
 The crucial step to validation is to confirm the key fingerprint of the
 public key.
-`
-% gpg --fingerprint DE885DD3
-pub  1024D/DE885DD3 2002-04-10 Sander Striker <striker@apache.org>
-     Key fingerprint = 4C1E ADAD B4EF 5007 579C  919C 6635 B6C0 DE88 5DD3
-uid			       Sander Striker <striker@striker.nl>
-sub  2048g/532D14CA 2002-04-10
-` 
+
+    % gpg --fingerprint DE885DD3
+    pub  1024D/DE885DD3 2002-04-10 Sander Striker <striker@apache.org>
+    Key fingerprint = 4C1E ADAD B4EF 5007 579C  919C 6635 B6C0 DE88 5DD3
+    uid			       Sander Striker <striker@striker.nl>
+    sub  2048g/532D14CA 2002-04-10
+
 A good start to validating a key is by face-to-face communication with
 multiple government-issued photo identification confirmations. However,
 each person is free to have their own standards for determining the
@@ -123,27 +123,27 @@ For example, the following people have s
 Striker. If you verify any key on this list, you will have a trust path to
 the DE885DD3 key. If you verify a key that verifies one of the signatories
 for DE885DD3, then you will have a trust path. (So on, and so on.)
-`
-pub  1024D/DE885DD3 2002-04-10 Sander Striker <striker@apache.org>
-sig	    E2226795 2002-05-01   Justin R. Erenkrantz
-sig 3	    DE885DD3 2002-04-10   Sander Striker
-sig	    CD4DF205 2002-05-28   Wolfram Schlich
-sig	    E005C9CB 2002-11-17   Greg Stein
-sig	    CC8B0F7E 2002-11-18   Aaron Bannert
-sig	    DFEAC4B9 2002-11-19   David N. Welton
-sig 2	    82AB7BD1 2002-11-17   Cliff Woolley
-sig 2	    13046155 2002-11-28   Thom May
-sig 3	    19311B00 2002-11-17   Chuck Murcko
-sig 3	    F894BE12 2002-11-17   Brian William Fitzpatrick
-sig 3	    5C1C3AD7 2002-11-18   David Reid
-sig 3	    E04F9A89 2002-11-18   Roy T. Fielding
-sig 3	    CC78C893 2002-11-19   Rich Bowen
-sig 3	    08C975E5 2002-11-21   Jim Jagielski
-sig 3	    F88341D9 2002-11-18   Lars Eilebrecht
-sig 3	    187BD68D 2002-11-21   Ben Hyde
-sig 3	    49A563D9 2002-11-23   Mark Cox
-...more signatures redacted...
-` 
+
+    pub  1024D/DE885DD3 2002-04-10 Sander Striker <striker@apache.org>
+    sig	    E2226795 2002-05-01   Justin R. Erenkrantz
+    sig 3	    DE885DD3 2002-04-10   Sander Striker
+    sig	    CD4DF205 2002-05-28   Wolfram Schlich
+    sig	    E005C9CB 2002-11-17   Greg Stein
+    sig	    CC8B0F7E 2002-11-18   Aaron Bannert
+    sig	    DFEAC4B9 2002-11-19   David N. Welton
+    sig 2	    82AB7BD1 2002-11-17   Cliff Woolley
+    sig 2	    13046155 2002-11-28   Thom May
+    sig 3	    19311B00 2002-11-17   Chuck Murcko
+    sig 3	    F894BE12 2002-11-17   Brian William Fitzpatrick
+    sig 3	    5C1C3AD7 2002-11-18   David Reid
+    sig 3	    E04F9A89 2002-11-18   Roy T. Fielding
+    sig 3	    CC78C893 2002-11-19   Rich Bowen
+    sig 3	    08C975E5 2002-11-21   Jim Jagielski
+    sig 3	    F88341D9 2002-11-18   Lars Eilebrecht
+    sig 3	    187BD68D 2002-11-21   Ben Hyde
+    sig 3	    49A563D9 2002-11-23   Mark Cox
+    ...more signatures redacted...
+
 Since the developers are usually quite busy, you may not immediately find
 success in someone who is willing to meet face-to-face (they may not even
 respond to your emails because they are so busy!). If you do not have a
@@ -154,9 +154,9 @@ alternate mechanisms for validation.
 
 Once you have entered the web of trust, you should see the following upon
 verifying the signature of a release.
-`
-% gpg httpd-2.0.44.tar.gz.asc
-gpg: Signature made Sat Jan 18 07:21:28 2003 PST using DSA key ID DE885DD3
-gpg: Good signature from "Sander Striker <striker@apache.org>"
-gpg:		     aka "Sander Striker <striker@striker.nl>"
-` 
+
+    % gpg httpd-2.0.44.tar.gz.asc
+    gpg: Signature made Sat Jan 18 07:21:28 2003 PST using DSA key ID DE885DD3
+    gpg: Good signature from "Sander Striker <striker@apache.org>"
+    gpg:		     aka "Sander Striker <striker@striker.nl>"
+



Mime
View raw message