Hello, On Fri, Jun 28, 2013 at 9:27 AM, Sergey Budnevitch <[email protected]> wrote:
> > On 28 Jun2013, at 10:15 , Phil Pennock <[email protected]> wrote: > > > On 2013-06-27 at 11:41 -0400, B.R. wrote: > >> The Nginx website's page <http://nginx.org/en/linux_packages.html> on > Linux > >> packages provides you with the key file address: > >> http://nginx.org/en/linux_packages.html > > > > You mean: > > http://nginx.org/keys/nginx_signing.key > You are right... Copy-paste trouble... :o) > > > > (And if you import a file retrieved over plain http straight into your > > trust anchors with no further verification, you have other problems). > You are right, that what people *shall* do (and they also shall not pass). However, I was merely summing up the steps provided before which were not mentioning that either. But you're right: there is one step missing. > We've added short explanation with links to gpg docs about how > and why pgp signatures should be checked: > > http://nginx.org/en/linux_packages.html#signatures > The link to Dewinter's website is broken. Maybe would you like to replace it with http://www.gnupg.org/documentation/howtos.en.html? > > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx > --- *B. R.*
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
