From: Lowell Gilbert
Sender: lowell@be-well.ilk.org
To: Jason Williams
cc: freebsd-questions@freebsd.org
Date: 06 Feb 2004 11:52:00 -0500
Subject: Re: Question in regards to software verification...
Message-ID: <44d68s8827.fsf@be-well.ilk.org>
In-Reply-To: <5.2.1.1.0.20040205110410.00ac7a90@pop.courtesymortgage.com>
References: <5.2.1.1.0.20040205110410.00ac7a90@pop.courtesymortgage.com>

Jason Williams writes:

> This is going to sound incredibly new, but I've never understood how
> to completely verify software that you download.
>
> For instance, a new Security Advisory was released today regarding the
> shmat reference counting bug
>
>
> One thing that I thought of when I was looking at this is the option
> to d/l the patch, then patch your system. I also noticed that there
> was, not only the patch you can download, but the .asc file which is
> supposed to verify the software you download.
>
> So I wanted to know the methods available that you can use to verify
> software that you d/l?
> How about .asc? I have seen that one before, but not really familiar with it.
>
> I know you can also use md5 as well as gnupg.
>
> Anyone care to take a moment and enlighten me with the steps to verify
> software?

The .asc is a PGP signature of the patch file.  It can be verified
using GnuPG.  The FreeBSD security officer's key was used to generate
it.
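
The check described in the reply above, as an added example that is not part of the original message: it verifies a detached .asc signature with GnuPG and also pins the signer's fingerprint, then shows a wrong signer and a modified file being rejected. The throwaway key, the file names and the all-zero fingerprint are constructed for the demo, and GnuPG 2.1 or later is assumed; for a real advisory you would import the FreeBSD security officer's public key and pass its fingerprint, obtained from a source you trust.

```shell
#!/bin/sh
# Added example: verifying a detached .asc signature with GnuPG (2.1+ assumed).
# All inputs are constructed: a throwaway key stands in for the real signer
# and demo.patch for the downloaded patch.

# verify_patch FILE SIG FPR
# Succeeds only if SIG is a good signature over FILE and was made by the key
# with fingerprint FPR (40 hex digits, no spaces).
verify_patch() {
    [ -n "$3" ] || return 1
    # gpg exits non-zero on a bad signature or a missing public key.
    st=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    # A good signature from *any* key in the keyring exits 0, so pin the signer.
    printf '%s\n' "$st" | grep '^\[GNUPG:\] VALIDSIG ' | grep -q "$3"
}

demo() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed"; return 0; }
    d=$(mktemp -d) || return 1
    GNUPGHOME=$d; export GNUPGHOME      # isolated, throwaway keyring
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <signer@example.invalid>' \
        default default never 2>/dev/null || return 1
    fpr=$(gpg --batch --with-colons --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')

    printf 'constructed patch contents\n' > "$d/demo.patch"
    gpg --batch --quiet --armor --detach-sign \
        --output "$d/demo.patch.asc" "$d/demo.patch" 2>/dev/null || return 1

    verify_patch "$d/demo.patch" "$d/demo.patch.asc" "$fpr" && R_GOOD=0 || R_GOOD=1
    verify_patch "$d/demo.patch" "$d/demo.patch.asc" \
        0000000000000000000000000000000000000000 && R_WRONGKEY=0 || R_WRONGKEY=1
    printf 'tampered\n' >> "$d/demo.patch"   # modify the file after signing
    verify_patch "$d/demo.patch" "$d/demo.patch.asc" "$fpr" && R_TAMPERED=0 || R_TAMPERED=1

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$d"; unset GNUPGHOME
    echo "good=$R_GOOD wrongkey=$R_WRONGKEY tampered=$R_TAMPERED"
}

demo
```

An MD5 checksum fetched from the same place as the file only detects accidental corruption; the signature check ties the file to a specific key.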