mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-03-21 05:56:28 -04:00
b59cbe5420
...with a trusted signature! There is no indication that the signature
belongs to the owner."
With this edit, I'm aiming to assist the beginner reader who walked the
following breadcrumbs:
Should I trust this website?
==> verify the PGP signatures on the commits and/or tags
Detailed steps suggested by the docs along these breadcrumbs:
1) `git clone git@github.com:QubesOS/qubesos.github.io.git`
2) Verify the PGP sigs on the commits and/or tags
a) get properly validated GPG keys (available in the Qubes Security Pack)
i. `git clone https://github.com/QubesOS/qubes-secpack.git`
ii. `gpg --import qubes-secpack/keys/*/*`
iii. Verify/trust the QMSK (details given on the page)
b) `cd qubesos.github.io`
c) `git verify-commit 45ca80e8` (one of Andrew's recent commits)
RESULT: The WARNING pops up, because the user has not yet ultimately PGP
trusted Andrew's E11D 15C6 D204 3576 9FFA A456 8CE1 3735 2A01 9A17
key.