mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-12-24 23:09:29 -05:00
b59cbe5420
...with a trusted signature! There is no indication that the signature belongs to the owner." With this edit, I'm aiming to assist the beginner reader who walked the following breadcrumbs: Should I trust this website? ==> verify the PGP signatures on the commits and/or tags Detailed steps suggested by the docs along these breadcrumbs: 1) `git clone git@github.com:QubesOS/qubesos.github.io.git` 2) Verify the PGP sigs on the commits and/or tags a) get properly validated GPG keys (available in the Qubes Security Pack) i. `git clone https://github.com/QubesOS/qubes-secpack.git` ii. `gpg --import qubes-secpack/keys/*/*` iii. Verify/trust the QMSK (details given on the page) b) `cd qubesos.github.io` c) `git verify-commit 45ca80e8` (one of Andrew's recent commits) RESULT: The WARNING pops up, because the user has not yet ultimately PGP trusted Andrew's E11D 15C6 D204 3576 9FFA A456 8CE1 3735 2A01 9A17 key. |
||
---|---|---|
.. | ||
canary-checklist.md | ||
canary-template.md | ||
canary.md | ||
pgp-keys.md | ||
qsb-checklist.md | ||
qsb-template.md | ||
qsb.md | ||
security-pack.md | ||
security.md | ||
verifying-signatures.md | ||
xsa.md |