1. How to verify
-
Import our public keyring with the following command:
$ gpg --recv-keys 20F55619
-
Verify the tarball. Here is an example:
$ gpg --verify pacman-tools-0.7.2.tar.gz.asc pacman-tools-0.7.2.tar.gz
gpg: Signature made Sun 14 May 2006 02:35:34 AM CEST using DSA key ID 20F55619
gpg: Good signature from "Frugalware Linux Archives Verification Key \
<frugalware-devel@frugalware.org>"
2. The meaning of this signature
This signature does not guarantee that the Frugalware Linux Archives master site itself has not been compromised. However, if we suffer an intrusion we will revoke the key and post information on the home page as quickly as possible.