The branch master has been updated via b5e01cf04697cb5914660f417864c02e5f39ade0 (commit) from 9579941abf5a9b26da8fa05058e820a75c78de9f (commit)
- Log ----------------------------------------------------------------- commit b5e01cf04697cb5914660f417864c02e5f39ade0 Author: Rich Salz <rs...@akamai.com> Date: Fri Jun 17 09:46:34 2016 -0400 Tweak "check authenticity" answer. ----------------------------------------------------------------------- Summary of changes: docs/faq.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/faq.txt b/docs/faq.txt index 3a50651..9953c23 100644 --- a/docs/faq.txt +++ b/docs/faq.txt @@ -162,10 +162,10 @@ so that the special release is no longer necessary. * How do I check the authenticity of the OpenSSL distribution? -We provide MD5 digests and ASC signatures of each tarball. -Use MD5 to check that a tarball from a mirror site is identical: +We provide PGP signatures and a variety of digests on each release. +For example: - md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 + sha1sum TARBALL | awk '{print $1;}' | cmp - TARBALL.sha1 You can check authenticity using pgp or gpg. You need the OpenSSL team member public key used to sign it (download it from a key server, see a _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits