From: Gary V. Vaughan <gary@gnu.org>
Date: Fri, 3 Sep 2004 00:34:48 +0000 (+0000)
Subject: * HACKING: Explain how to verify detached signatures with gpg in
X-Git-Tag: release-1-9d~70
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9e032e031b12f6e5e2de6823b1f860df2a5197b;p=thirdparty%2Flibtool.git

* HACKING: Explain how to verify detached signatures with gpg in
the release announcement templates.
---

diff --git a/ChangeLog b/ChangeLog
index 92a6f8348..1bf9581b2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2004-09-03  Gary V. Vaughan  <gary@gnu.org>
 
+	* HACKING: Explain how to verify detached signatures with gpg in
+	the release announcement templates.
+
 	* AUTHORS: Fix typo in my address.
 
 2004-09-02  Gary V. Vaughan  <gary@gnu.org>,
diff --git a/HACKING b/HACKING
index 0df96e1e2..b4c88b868 100644
--- a/HACKING
+++ b/HACKING
@@ -223,6 +223,11 @@ Here are the gpg detached signatures:
   ftp://alpha.gnu.org/gnu/libtool/libtool-@PREV_RELEASE_VERSION_ON_THIS_BRANCH@-@VERSION@.diff.gz.sig
   ftp://alpha.gnu.org/gnu/libtool/libtool-@PREV_RELEASE_VERSION_ON_THIS_BRANCH@-@VERSION@.xdelta.sig
 
+You should download the signature named after any tarball you download,
+and then verify its integrity with, for example:
+
+  gpg --verify libtool-@VERSION.tar.gz.
+
 Here are the MD5 and SHA1 checksums:
 
   @MD5SUM@ libtool-@VERSION@.tar.gz
@@ -305,6 +310,11 @@ Here are the gpg detached signatures:
   ftp://ftp.gnu.org/gnu/libtool/libtool-@PREV_RELEASE_VERSION_ON_THIS_BRANCH@-@VERSION@.diff.gz.sig
   ftp://ftp.gnu.org/gnu/libtool/libtool-@PREV_RELEASE_VERSION_ON_THIS_BRANCH@-@VERSION@.xdelta.sig
 
+You should download the signature named after any tarball you download,
+and then verify its integrity with, for example:
+
+  gpg --verify libtool-@VERSION.tar.gz.
+
 Here are the MD5 and SHA1 checksums:
 
   @MD5SUM@ libtool-@VERSION@.tar.gz