tribes/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-04-06 21:20:33 +02:00
Code Activity

doc: Encourage signature verification.

Browse Source 
* doc/contributing.texi (Submitting Patches): Remind contributors to verify
cryptographic signatures.
This commit is contained in:
Ricardo Wurmus
2017-06-23 09:24:58 +02:00
parent 7ceb0a83e3
commit 8ceffb2f34
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
doc/contributing.texi
View File

@@ -333,6 +333,12 @@ distribution to make transverse changes such as applying security
updates for a given software package in a single place and have them
affect the whole system---something that bundled copies prevent.
@item
If the authors of the packaged software provide a cryptographic
signature for the release tarball, make an effort to verify the
authenticity of the archive. For a detached GPG signature file this
would be done with the @code{gpg --verify} command.
@item
Take a look at the profile reported by @command{guix size}
(@pxref{Invoking guix size}). This will allow you to notice references