mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-25 05:48:07 -05:00
doc: Encourage signature verification.
* doc/contributing.texi (Submitting Patches): Remind contributors to verify cryptographic signatures.
This commit is contained in:
parent
7ceb0a83e3
commit
8ceffb2f34
1 changed files with 6 additions and 0 deletions
|
@ -333,6 +333,12 @@ distribution to make transverse changes such as applying security
|
|||
updates for a given software package in a single place and have them
|
||||
affect the whole system---something that bundled copies prevent.
|
||||
|
||||
@item
|
||||
If the authors of the packaged software provide a cryptographic
|
||||
signature for the release tarball, make an effort to verify the
|
||||
authenticity of the archive. For a detached GPG signature file this
|
||||
would be done with the @code{gpg --verify} command.
|
||||
|
||||
@item
|
||||
Take a look at the profile reported by @command{guix size}
|
||||
(@pxref{Invoking guix size}). This will allow you to notice references
|
||||
|
|
Loading…
Reference in a new issue