qubes-doc/project-security
Hans Jerry Illikainen dfd7e5ebe1
Verify the release key with --check-signatures
The original instructions on how to verify the release signing key used
the `--list-sigs` option for gpg.  However, unlike `--check-signatures`,
the `--list-sigs` option does not verify the authenticity of key
signatures.

See gpg2(1):

    --list-signatures
    --list-sigs
        Same as --list-keys, but the signatures are listed too.
        [...]
        Note that in contrast to --check-signatures the key signatures
        are not verified.
        [...]

    --check-signatures
    --check-sigs
        Same  as  --list-keys, but the key signatures are verified and
        listed too.
        [...]

This updates the documentation to use `--check-signatures` instead.
2020-07-03 12:37:48 +00:00
..
canaries.md Use default doc layout for project security docs 2019-05-26 20:04:23 -05:00
canary-checklist.md Use default doc layout for project security docs 2019-05-26 20:04:23 -05:00
canary-template.md Use default doc layout for project security docs 2019-05-26 20:04:23 -05:00
security-bulletins-checklist.md Use default doc layout for project security docs 2019-05-26 20:04:23 -05:00
security-bulletins-template.md Use default doc layout for project security docs 2019-05-26 20:04:23 -05:00
security-bulletins.md Use default doc layout for project security docs 2019-05-26 20:04:23 -05:00
security-goals.md Use default doc layout for project security docs 2019-05-26 20:04:23 -05:00
security-pack.md Use default doc layout for project security docs 2019-05-26 20:04:23 -05:00
security.md Add section on security updates 2019-08-26 19:39:40 -05:00
verifying-signatures.md Verify the release key with --check-signatures 2020-07-03 12:37:48 +00:00
xsa.md Use default doc layout for project security docs 2019-05-26 20:04:23 -05:00