Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: update README with SHASUMS256.txt.sig info #15107

Closed
wants to merge 1 commit into from

Conversation

maclover7
Copy link
Contributor

It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig
than SHASUMS256.txt.asc.

This comment does the best job at explaining the issue.

Refs: #6821, #9071

Checklist
Affected core subsystem(s)

doc

@nodejs-github-bot nodejs-github-bot added the doc Issues and PRs related to the documentations. label Aug 31, 2017
Copy link
Member

@lpinca lpinca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM.

@gibfahn gibfahn requested a review from rvagg September 3, 2017 16:37
@BridgeAR
Copy link
Member

Ping @rvagg

@rvagg
Copy link
Member

rvagg commented Sep 12, 2017

beautiful work! this is exactly what's needed, thanks for contributing this. My only one ask is that you make sure you keep the line lengths of non-breakable text to 80 characters maximum as that's the standard for this file.

README.md Outdated

To verify a SHASUMS256.txt.asc, you will first need to import all of
the GPG keys of individuals authorized to create releases. They are
To verify SHASUMS256.txt has not been altered, you will first need to import all
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

81 chars I think, need to break this to <=80

README.md Outdated
```

After downloading the appropriate SHASUMS256.txt and SHASUMS256.txt.sig files,
you can then use `gpg --verify SHASUMS256.txt.sig SHASUMS256.txt` to verify that
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

81 chars again

It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig
than SHASUMS256.txt.asc.

[This comment](nodejs#6821 (comment)) does the best job at explaining the issue.

Refs: nodejs#6821, nodejs#9071
@maclover7
Copy link
Contributor Author

updated @rvagg

Copy link
Member

@rvagg rvagg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sweet 👌

@rvagg
Copy link
Member

rvagg commented Sep 13, 2017

Landed @ c1fce1e, marking for backport to LTS

@rvagg rvagg closed this Sep 13, 2017
rvagg pushed a commit that referenced this pull request Sep 13, 2017
It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig
than SHASUMS256.txt.asc.

This comment does the best job at explaining the issue:
  #6821 (comment)

Refer: #6821
Refer: #9071
PR-URL: #15107
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@maclover7 maclover7 deleted the jm-shasums-sig branch September 13, 2017 19:26
jasnell pushed a commit that referenced this pull request Sep 20, 2017
It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig
than SHASUMS256.txt.asc.

This comment does the best job at explaining the issue:
  #6821 (comment)

Refer: #6821
Refer: #9071
PR-URL: #15107
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
MylesBorins pushed a commit that referenced this pull request Oct 17, 2017
It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig
than SHASUMS256.txt.asc.

This comment does the best job at explaining the issue:
  #6821 (comment)

Refer: #6821
Refer: #9071
PR-URL: #15107
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@MylesBorins MylesBorins mentioned this pull request Oct 17, 2017
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
It is more secure to verify SHASUMS256.txt files via SHASUMS256.txt.sig
than SHASUMS256.txt.asc.

This comment does the best job at explaining the issue:
  #6821 (comment)

Refer: #6821
Refer: #9071
PR-URL: #15107
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@MylesBorins MylesBorins mentioned this pull request Nov 3, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
doc Issues and PRs related to the documentations.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants