* HACKING: Explain how to verify detached signatures with gpg in

the release announcement templates.

diff --git a/ChangeLog b/ChangeLog
index 92a6f8348f6521d26a273e87e4b279b3e44cfd67..1bf9581b29a1b751101fa927a145c60c2b2d448f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2004-09-03  Gary V. Vaughan  <gary@gnu.org>
 
+       * HACKING: Explain how to verify detached signatures with gpg in
+       the release announcement templates.
+
        * AUTHORS: Fix typo in my address.
 
 2004-09-02  Gary V. Vaughan  <gary@gnu.org>,

diff --git a/HACKING b/HACKING
index 0df96e1e2dc3818cf8298326b4c2f6d7bec6351d..b4c88b868665edb75bd2e534059814e9c5bc3424 100644 (file)
--- a/HACKING
+++ b/HACKING
@@ -223,6 +223,11 @@ Here are the gpg detached signatures:
   ftp://alpha.gnu.org/gnu/libtool/libtool-@PREV_RELEASE_VERSION_ON_THIS_BRANCH@-@VERSION@.diff.gz.sig
   ftp://alpha.gnu.org/gnu/libtool/libtool-@PREV_RELEASE_VERSION_ON_THIS_BRANCH@-@VERSION@.xdelta.sig
 
+You should download the signature named after any tarball you download,
+and then verify its integrity with, for example:
+
+  gpg --verify libtool-@VERSION.tar.gz.
+
 Here are the MD5 and SHA1 checksums:
 
   @MD5SUM@ libtool-@VERSION@.tar.gz
@@ -305,6 +310,11 @@ Here are the gpg detached signatures:
   ftp://ftp.gnu.org/gnu/libtool/libtool-@PREV_RELEASE_VERSION_ON_THIS_BRANCH@-@VERSION@.diff.gz.sig
   ftp://ftp.gnu.org/gnu/libtool/libtool-@PREV_RELEASE_VERSION_ON_THIS_BRANCH@-@VERSION@.xdelta.sig
 
+You should download the signature named after any tarball you download,
+and then verify its integrity with, for example:
+
+  gpg --verify libtool-@VERSION.tar.gz.
+
 Here are the MD5 and SHA1 checksums:
 
   @MD5SUM@ libtool-@VERSION@.tar.gz