path: root/FAQ
diff options
authorJason Woodward2007-06-16 06:41:11 +0000
committerJason Woodward2007-06-16 06:41:11 +0000
commit3faba5e19be6cea47ce315e4ee5aca032eea1090 (patch)
tree6febf3e1591b8067bf6913100d67bde979c2b91b /FAQ
parent549fdf52b1b021c0f608e0a5285461f4e5f6d782 (diff)
* added GPG signature verification via gpgme (thanks Pat Volkerding for
adding gpgme to -current) * Updated downloading in libslapt for better notification. This also resulted in some simplification in code. Removed unused DEBUG ifdefs. Removed deprecated translation strings. Added error condition strings and slapt_strerror() function. New translation strings. Bumped to 0.9.12.
Diffstat (limited to 'FAQ')
1 files changed, 13 insertions, 0 deletions
diff --git a/FAQ b/FAQ
index 790b62f..fe85d01 100644
--- a/FAQ
+++ b/FAQ
@@ -53,6 +53,7 @@ Frequently Asked Questions:
50. What about mirror fall back / fail-over ?
51. How do I install a kernel rather than upgrade the existing kernel?
52. What are the relationships of CHECKSUMS.md5, PACKAGES.TXT and package_data?
+53. Does slapt-get support the GPG/PGP signature verification?
@@ -1167,3 +1168,15 @@ Frequently Asked Questions:
source and continue.
+53. Does slapt-get support the GPG/PGP signature verification?
+ Yes, as of 0.9.12 slapt-get can be built with gpgme support that allows
+ slapt-get to verify the signature of the CHECKSUMS file on each mirror.
+ This requires the presence of the signature file and the GPG-KEY file on
+ the package source. The GPG-KEY is imported into the local keychain using
+ the --add-keys option. When running --update, the signature file for the
+ CHECKSUMS listing is downloaded and verification is attempted. If the key
+ is not present slapt-get mentions this and continues on. slapt-get only halts
+ if verification failed.